Week 8

deweese3

DeWeeseWeek6Updated.docx

Home >Computer Science homework help >Week 8

The Impact of Cybersecurity Integration on Organizational Risk Management in SMEs:

A Qualitative Multi-Case Study

A Master Thesis

Submitted to the Faculty

American Public University

Cristian DeWeese

In Partial Fulfillment of the

Requirements for the Degree

Master of Arts

December 2025

American Public University

Charles Town, WV

Introduction Comment by Christopher Martinez, PhD: the introduction must set context for your research by mentioning what is known about the topic and what needs to be explored further. In the introduction, you can highlight how your research will contribute to the existing knowledge in your field and to overall scientific development. The introduction must also contain a hypothesis that led to the development of the research design. You can come up with this hypothesis by asking yourself questions like: What is the central research problem? What is the topic of study related to that problem? What methods should be used to analyze the research problem? Why is this research important, what is its significance, and how will its outcomes affect the funders and the society on the whole? Comment by DeWeese, Cristian: Updated

Background and Context

Small and medium-sized enterprises (SMEs) have become a vital element of any country's economy around the globe, creating jobs and innovations in different sectors. However, owing to their rather limited resources, not being able to recruit security specialists in the sphere of cyber security, and being able to only rely on homemade security systems, SMEs are being targeted even more often by cyber security attacks (Chidukwani et al., 2022). Unlike large organizations, which are likely to spend a lot of money on cyber security systems, SMEs experience several illusions and do not view cyber security as an element of the overall risk management in the global context (Franco et al., 2022).

This failure puts SMEs at risk of a lack of operational time, financial loss, and reputation loss. It is already threatening enough that the majority of studies have shown that approximately sixty percent of SMEs that had suffered a major cyber-attack went out of business in less than half a year (Benjamin et al., 2024). This fact contributes to the necessity to analyze how the practices of cyber security might be effectively incorporated into the enterprise risk management (ERM) to make it more resilient. This study is also important because it is valuable to leaders of SMEs, policymakers, and cyber security users by offering practical approaches to increase the resilience and security of SMEs against the increasing cyber threat.

Hypothesis:

The inabilities of SMEs to add cyber security to their risk management strategies are contributing to their vulnerability to cyber threats (Abdulrahim, 2019). The hypothesis of the research is that SMEs that successfully introduce cyber security as a risk management approach will be more resilient, experience a minor impact of operational failure, and be less susceptible to cyber-attacks, which will result in business sustainability over the long term.

Problem Statement

The issue under research is the unsuccessful incorporation of cyber security as a risk management tool of SMEs that expose the organization to cyber threats (Alahmari & Duncan, 2020). Cybercriminals are now targeting SMEs so much more, as they do not usually have enough resources, expertise, and governance to be sufficiently prepared against such attacks (Al-Dosari & Fetais, 2023). Since SMEs cannot afford to make large investments in advanced technologies and security, unlike large corporations, they often follow the strategy of outsourcing their security with the most common methods and equipment antivirus programs or firewalls. Although these steps offer some respite, they are not usually incorporated into the enterprise risk management (ERM) models (Enaifoghe, 2023). Comment by Christopher Martinez, PhD: What author found this to be a problem in his/her study? Cite the author. Comment by DeWeese, Cristian: Changed

The consequences of this oftentimes ingratitude are very tragic. It is demonstrated that an impressive nearly 60 percent of SMEs that have suffered a massive cyber-attack go into business within a six-month time frame, which proves the devastating role of an absence of security integration (Benjamin et al., 2024). Nevertheless, a significant number of SMEs still fail to look at cyber security as a business priority and view it as a specific technical challenge (Franco et al., 2022). Existing studies have also not done much to bridge this gap. Most of the research is concentrated on bigger companies or technology-related security solutions without finding out how SMEs use cyber security in planning governance, risk, and resilience.

The purpose of this qualitative multiple-case study is to investigate how SMEs integrate cyber security into their overall risk management strategies and to examine the impact of this integration on organizational resilience. By focusing on SMEs from different sectors, including healthcare, retail, and manufacturing, the study aims to identify the enablers, barriers, and sector-specific influences that shape integration (Enaifoghe, 2023). Ultimately, the study intends to provide insights that are both academically valuable and practically applicable for SME leaders, policymakers, and cyber security practitioners (Franco et al., 2022).

Purpose Statement

Research Questions

The overall research question that directs this study is:

RQ1: What are the modes used by small and medium-sized enterprises (SMEs) to incorporate cyber security in their comprehensive risk management, and what are the effects of such incorporations with regard to the resilience of the organization? (Kezron, 2024)

Based on this general question, one may come up with a number of sub-questions:

· RQ1a: What governance mechanisms do SMEs use to align cyber security with organizational risk management?

· RQ1b: What processes and capabilities enable or hinder integration in SMEs?

· RQ1c: How do sector-specific factors (e.g., healthcare, retail, and manufacturing) influence cyber security integration?

Literature Review Comment by Christopher Martinez, PhD: A literature review is a document or section of a document that collects key sources on a topic and discusses those sources in conversation with each other (also called synthesis). Who? Analyze the work of others, synthesize, paraphrase, and cite. All the while looking for gaps in research you can explore...stand on the shoulders of other researchers. Comment by Christopher Martinez, PhD: Use subheadings to guide your readers Comment by DeWeese, Cristian: Updated

Cyber security Integration Challenges in SMEs

The exposure of small and medium-sized enterprises (SME) to cyber threats is not a novel idea that has been reported in the literature. As Chidukwani et al. (2022) explain, SMEs tend to implement cyber security tools in a non-coordinated way, like installing firewalls or antivirus software, without integrating them into a more generalized policy and risk management strategy.

This fragmented model exposes SMEs to advanced cyber-attacks since the controls at the individual level would not combine to create a unified defense. In the same way, Ashley & Preiksaitis (2022) clarify that the companies of SMEs must change their attitude towards cyber security from a technical issue to a strategic initiative that is applied in the risk management approach of the entire organization.

The Importance of Risk Management Framework Comment by Christopher Martinez, PhD: A theoretical framework consists of concepts, together with their definitions, and existing theory/theories that are used for your particular study. The theoretical framework must demonstrate an understanding of theories and concepts that are relevant to the topic of your research paper and that will relate it to the broader fields of knowledge in the class you are taking. The theoretical framework is not something that is found readily available in the literature. You must review course readings and pertinent research literature for theories and analytic models that are relevant to the research problem you are investigating. The selection of a theory should depend on its appropriateness, ease of application, and explanatory power. The theoretical framework strengthens the study in the following ways. An explicit statement of theoretical assumptions permits the reader to evaluate them critically. The theoretical framework connects the researcher to existing knowledge. Guided by a relevant theory, you are given a basis for your hypotheses and choice of research methods. Articulating the theoretical assumptions of a research study forces you to address questions of why and how. It permits you to move from simply describing a phenomenon observed to generalizing about various aspects of that phenomenon. Having a theory helps you to identify the limits to those generalizations. A theoretical framework specifies which key variables influence a phenomenon of interest. It alerts you to examine how those key variables might differ and under what circumstances. Comment by DeWeese, Cristian: updated

Some researchers emphasize the importance of the set of frameworks to inform the development of cyber security as part of risk management. Among the tools that the SMEs should use, Benjamin et al. (2024) mention internationally accepted standards, including ISO 31000 on risk management, ISO/IEC 27001 on information security, and the NIST Cyber security Framework. Such frameworks are considered flexible guidelines that organizations can use to organize cyber security threats. Krishnan (2024) warns, however, that even though it might be difficult for small businesses to adopt those frameworks because of the available resources, it is possible to customize them to prioritize top assets, which will enable the SMEs to scale their cyber security practices non-proportionately and/or effectively.

Besides that, the integration of such frameworks to the organizational structure of an SME not only causes their ability to react to cyber threats but also causes the illusion of the culture of continuous improvement and minimization of risks. According to Herath et al. (2023), once such frameworks are established correctly, it is possible to establish improved governance, the feeling of transparent risk ownership, and focus the security practices on the business objectives.

These standardized methods have the ability of making SMEs resilient to upcoming threats besides being able to meet regulatory requirements. The implementation of such frameworks is not devoid of challenges; however, as reported by Benjamin et al. (2024), the challenges are especially in resource allocation and training. Thus, although SMEs might experience some initial challenges in establishing the comprehensive cyber security systems, the latter will eventually help to minimize vulnerability and provide greater risk control capabilities in the long term.

Real-World Application and Gaps in Literature

Despite the fact that much of the literature has provided valuable frameworks and guidelines, there is a major gap in the research conducted regarding the application of these frameworks by SMEs in practice. As it is noted by Johnstone (2021), the literature simply gives a list of controls that an SME has to adopt, but does not answer how such controls may be adopted by their Enterprise Risk Management (ERM) systems in practice. The given gap means that further research should be performed on the practicality of implementing cyber security practices in SMEs and the contribution of these measures to organizational resiliency and the reduction of risks.

According to the literature, it is possible to apply several key frameworks to help SMEs consider cyber security as a part of their risk management strategies (El-Hajj & Mirza, 2024). The issue of the disparity in the actualization of these structures in the context of the practical realities is, however, taken seriously in light of the resource constraints of the SMEs. The proposed study will fill this gap with its deliberation of the practical aspects of cyber security as an aspect of the ERM systems of the SMEs and its effect on the resilience of organizations.

Theoretical Framework Comment by Christopher Martinez, PhD: A theoretical framework consists of concepts, together with their definitions, and existing theory/theories that are used for your particular study. The theoretical framework must demonstrate an understanding of theories and concepts that are relevant to the topic of your research paper and that will relate it to the broader fields of knowledge in the class you are taking. The theoretical framework is not something that is found readily available in the literature. You must review course readings and pertinent research literature for theories and analytic models that are relevant to the research problem you are investigating. The selection of a theory should depend on its appropriateness, ease of application, and explanatory power. The theoretical framework strengthens the study in the following ways. An explicit statement of theoretical assumptions permits the reader to evaluate them critically. The theoretical framework connects the researcher to existing knowledge. Guided by a relevant theory, you are given a basis for your hypotheses and choice of research methods. Articulating the theoretical assumptions of a research study forces you to address questions of why and how. It permits you to move from simply describing a phenomenon observed to generalizing about various aspects of that phenomenon. Having a theory helps you to identify the limits to those generalizations. A theoretical framework specifies which key variables influence a phenomenon of interest. It alerts you to examine how those key variables might differ and under what circumstances.

This paper applied a mixed-method design, which involves an Enterprise Risk Management (ERM). A framework and a socio-technical integration framework.

Enterprise Risk Management (ERM)

ERM is an official risk identification method, analysis, treatment and monitoring, which can help companies address risks systematically, and cyber security threats cannot be an exception (Jarjoui & Murimi, 2021). Iso 31000 standard is also very applicable in ERM, and it is a broad standard that ensures that risk management is enforced at all levels within the organization. By integrating cyber security into the general ERM framework, companies treat it as a part of a larger risk control policy, other than as a separate issue.

Socio-technical Integration Approach

To be able to achieve effective cyber security, the socio-technical approach is focused on people, processes, technology, and the context. Chidukwani et al. (2022) claim that cyber security is not merely a technical problem but rather a human problem, with training, procedures, and organizational culture being the key aspects. Based on this approach, cyber security integration depends on more than human factors, but also on technological factors within the organization.

Besides the human and technological factors, the socio-technical integration approach emphasizes the key role of the organizational processes and context in determining the cyber security outcomes. Franco et al. (2022) indicate that the correspondence of the organizational processes, including risk management workflows with technological solutions, is the key to the successful implementation of cyber security measures (Thummala & Bindewari, 2024).

Application of Frameworks

Splitting enterprise risk management (ERM) into the current consideration would allow the researcher to know more about how the phenomenon of cyber security is framed by the small and medium-sized enterprises (SMEs). The socio-technical approach to it may also be explained by the idea that the effective design of cyber security can be developed based on the collective action of organizational culture, the structure of the procedure, and the human factors (Ahmad & Teo, 2024). The findings on such models have continuously delivered substantial empirical information regarding the powerful effect of cyber security adoption within the SME sector.

Combining the ISO 31000 and NIST Cyber security Framework, SMEs will be able to develop a consistent method of identifying, evaluating, and addressing any possible threats (Sabidi & Zolkipli, 2024). This systematic method makes cyber security a continuous system as opposed to a solution to a problem, which is in line with the business goals and the legal demands. Such frameworks also facilitate the process of integration and augmentation of continuous monitoring and improvement processes that the dynamic cyber threat environment demands. Kianpour & Raza (2024) state that the formalized practices are likely to ensure that SMEs do not suffer a high-impact security incident and achieve cyber security business practices that are more consistent with organizational goals.

The Strengths of This Framework in the Study

Elaborating Theoretical Assumptions

The model explains how cyber security ideas can be incorporated into a risk management system in small and medium-sized enterprises (SMEs) and how crucial the human factor is in the effort. The gap between technical solutions and organizational culture is also filled in the synthesis of these frameworks, which demonstrate that the successful application of cyber security in SMEs can not only depend on the implementation of tools but also on how these tools are corresponded to the organizational values and practices (Georgiadou et al., 2022).

This approach will allow a more subtle examination of the ways in which SMEs would avoid the development of cyber security threats because it dwells upon the socio-cultural and technical aspects of the matter at hand. According to the description provided by Sikder (2023), the self-synchronizing integration of technology, human behavior and organizational operations are the factors that propel cyber security as a process-on-going process and not a response.

This general approach contributes more strength to the study, in the sense that it provides a theoretical prism that transcends the biological dictates of technology, and thus that highlights the significance of the organizational commitment and culture as the most effectual approach to the outcomes of cyber security.

Justification of Hypotheses and Research Methods

The benefit of the selected theoretical frameworks consists in the opportunity to comprehend the topicality of introducing cyber security decision-making to the overall plan of enterprise risk management (ERM) and has grounds to support the hypothesis that the presence of cyber security-related solutions will result in increased levels of resilience and risk management capabilities of small and middle-sized enterprises (SMEs).

Identifying Key Variables

According to the ERM model (Enterprise Risk Management), the following variables are brought out as key; risk treatment, risk monitoring where the systematic identification, assessment and management of risks in an organization are highly emphasized. On the other hand, the socio-technical model resides on the human and organizational nature of cyber security integration, and moves on to the importance of organizational culture and employee engagement as the vital ones. These aspects are paramount to the effectiveness of cyber security processes since they form a working environment whereby all the stake holders in the organization are involved in the system and data protection processes. All these two models combined will enable the study to provide a holistic view of how both technical and social factors contribute to implementing effective cyber security (Jean-Jules & Vicente, 2021).

Research Design Comment by Christopher Martinez, PhD: The research design refers to the overall strategy that you choose to integrate the different components of the study in a coherent and logical way, thereby, ensuring you will effectively address the research problem; it constitutes the blueprint for the collection, measurement, and analysis of data. Comment by DeWeese, Cristian: updated

The qualitative multiple-case research design will be used in the current study. Such a design is particularly fitting due to the fact that it will allow conducting a comprehensive study of how SMEs that are engaged in different sectors like healthcare, retail, and manufacturing have implemented cyber security as a component of risk management. The case study approach will provide an overall image of the processes, issues, and solutions, which these SMEs would consider to respond to the threat of cyber security (Benjamin et al., 2024; Arroyabe et al., 2024).

To obtain a large variety of opinions, six to eight SMEs will be sampled with the help of purposive sampling. The approach will require the selection of businesses that fall under various industries, and this will offer varying modes of industry-specific strategies regarding cyber security integration (Abubakari, 2024). The sample size will be decided on the participants who will be chosen on the basis of the fact that they are relevant in the research question, and also because they have experience with cyber security practices in their respective organizations.

The important players in the study will be the managers and leaders of the cyber security, and the employees working in the SMEs. These individuals will be interviewed through semi-structured interviews that will provide the flexibility of the discussion but will provide the opportunity to obtain similar and consistent data at the same time (Thummala & Bindewari, 2024). The semi-structured format will enable the interviewer to explore more into the themes and also to provide an opportunity to participants to discuss their personal experiences and knowledge that will result in a more profound and comprehensive understanding of the issue of cyber security integration in SMEs.

Moral issues will be very strictly followed in the course of the research. All the participants will be provided with informed consent, and they will be made aware of the purpose and character of the study. The privacy and anonymity of the respondents will be ensured by providing a stable system of data processing. Such steps will be used to make sure that the study will be conducted in a way that takes into account the rights and confidentiality of the participants (Enaifoghe, 2023).

Although the sample is not large, the study will use a mixture of in-depth interviews, member checks, and triangulation to give a holistic view of cyber security integration in relation to SMEs. The methodology will assist in obtaining a more accurate and subtle image of the subject, which will contribute to the validity and richness of the results. The study will provide a strong analysis of the research question because it will rely on several sources of data as well as approaches.

References Comment by Christopher Martinez, PhD: You have 6 of 6 peered reviewed journal articles on this list this is a good start...strive for 80 percent. Your list of references needs to grow in order to conduct proper research on your topic. for your study. Make an appointment with a research librarian to assist you with research. Also, each reference needs to be cited in the document or removed Comment by Christopher Martinez, PhD: You need more reference in your next submission. Make an appointment with a research librarian Comment by DeWeese, Cristian: Updated

Al-Dosari, N., & Fetais, N. (2023). Cybersecurity challenges and governance in SMEs: A comparative analysis. Journal of Information Security, 12(2), 55–72.

Arroyabe, M. F., Arranz, N., & de Arroyabe, J. C. F. (2024). Cybersecurity and SMEs: Sector-specific influences on resilience strategies. International Journal of Business Research, 19(1), 88–104.

Abubakari, P. (2024). Human factors matter: the intersection of cybersecurity governance, and culture in risk management of critical infrastructure (Doctoral dissertation, Pepperdine University). https://digitalcommons.pepperdine.edu/cgi/viewcontent.cgi?article=2573&context=etd

Alahmari, A., & Duncan, B. (2020, June). Cybersecurity risk management in small and medium-sized enterprises: A systematic review of recent evidence. In 2020 international conference on cyber situational awareness, data analytics and assessment (CyberSA) (pp. 1-5). IEEE. https://www.researchgate.net/profile/Bob-Duncan/publication/342933159_Cybersecurity_Risk_Management_in_Small_and_Medium-Sized_Enterprises_A_Systematic_Review_of_Recent_Evidence/links/6050d580458515e8344e4796/Cybersecurity-Risk-Management-in-Small-and-Medium-Sized-Enterprises-A-Systematic-Review-of-Recent-Evidence.pdf

Abdulrahim, N. (2019). Managing Cybersecurity as a Business Risk in Information Technology-based Smes (Doctoral dissertation, University of Nairobi). https://erepository.uonbi.ac.ke/bitstream/handle/11295/107172/Abdulrahim_Managing%20Cybersecurity%20as%20a%20Business%20Risk%20in%20Information%20Technology-based%20Smes.pdf?sequence=1

Ashley, C., & Preiksaitis, M. (2022). Strategic Cybersecurity Risk Management Practices for Information in Small and Medium Enterprises. Business Management Research and Applications: A Cross-Disciplinary Journal, 1(2), 109-157. https://bmrajournal.columbiasouthern.edu/index.php/bmra/article/download/3421/2886

Ahmad, S. A., & Teo, P. C. (2024). The Implementation of Enterprise Risk Management (ERM) Frameworks in Small and Medium Enterprises (SMES): A Literature Review. International Journal of Academic Research in Business and Social Sciences, 14(9), 290-307. https://kwpublications.com/papers_submitted/11397/the-implementation-of-enterprise-risk-management-erm-frameworks-in-small-and-medium-enterprises-smes-a-literature-review.pdf

Benjamin, R., Okoro, A., & Li, H. (2024). The impact of cyber incidents on SME survival: An empirical study. Small Business Economics, 62(3), 445–462.

Chidukwani, M., Ahmed, S., & Khan, T. (2022). Integrating cybersecurity into SME risk management frameworks. Journal of Risk and Governance, 8(4), 301–320.

Enaifoghe, A. (2023). Governance and cybersecurity risk management in emerging markets SMEs. Journal of Contemporary Management, 41(2), 112–129.

El-Hajj, M., & Mirza, Z. A. (2024). ProtectingSmall and Medium Enterprises: A specialized cybersecurity risk assessment framework and tool. Electronics (Switzerland), 13(19), 3910. https://research.utwente.nl/files/484148382/electronics-13-03910-v2.pdf

Franco, D., Martinez, P., & Roberts, L. (2022). Enterprise risk management and cybersecurity integration in SMEs. Risk Management Review, 15(3), 210–228.

Georgiadou, A., Mouzakitis, S., Bounas, K., & Askounis, D. (2022). A cyber-security culture framework for assessing organization readiness. Journal of Computer Information Systems, 62(3), 452-462. https://d1wqtxts1xzle7.cloudfront.net/113950803/08874417.2020.184558320240429-1-7zuy1m-libre.pdf?1714424439=&response-content-disposition=inline%3B+filename%3DA_Cyber_Security_Culture_Framework_for_A.pdf&Expires=1758134371&Signature=dB9B7rLXSbGM6ohZ9fMaRpCPB6Oa9Of9XxvjlNhlO5v~4-x9EmVDuZLcm0F3YT~L-URK3wwP9hXqIJzuiDsBQD1Ph786Bw9jvNEcyhSrQkt1o-icZBqVDJN73LtCaha6xam2e1sNr-NigiLSdz2RGWmd8hKxcp~fzB0HZbDf4Im1iq-RAayyhDyTE6ms8AF0UzSQOqf8ZrDBxQBk-iRwTEibW1M4qDQaot5L8TrnJ3rEUCLNeeL8HOU3NzF1CLAMlPFDpej3oSSlIoKI8SUk7TRz65-Vx-Z~Yr87nMFa8zvI6gavTau7a-kSxqoLLu1Cl-tsfsxu8EczSkSJDka7yQ__&Key-Pair-Id=APKAJLOHF5GGSLRBV4ZA

Herath, T. C., Herath, H. S., & Cullum, D. (2023). An information security performance measurement tool for senior managers: Balanced scorecard integration for security governance and control frameworks. Information Systems Frontiers, 25(2), 681-721. https://www.researchgate.net/profile/Hemantha-Herath/publication/358909388_An_Information_Security_Performance_Measurement_Tool_for_Senior_Managers_Balanced_Scorecard_Integration_for_Security_Governance_and_Control_Frameworks/links/6390a7aa484e65005bee951c/An-Information-Security-Performance-Measurement-Tool-for-Senior-Managers-Balanced-Scorecard-Integration-for-Security-Governance-and-Control-Frameworks.pdf

Jean-Jules, J., & Vicente, R. (2021). Rethinking the implementation of enterprise risk management (ERM) as a socio-technical challenge. Journal of Risk Research, 24(2), 247-266. https://d1wqtxts1xzle7.cloudfront.net/84523919/Fardapaper-Rethinking-the-implementation-of-enterprise-risk-management-ERM-as-a-socio-technical-challenge-libre.pdf?1650438373=&response-content-disposition=inline%3B+filename%3DRethinking_the_implementation_of_enterpr.pdf&Expires=1758097695&Signature=a4EA-0J-pAcf2OfYbvwetP7oQ2njskCW9UkaLfY3EaM9qyKAbRP5DYa0vGhnbSjmESLjqXBheSEn4BLisbpoofCBMt6g1IgJvXSMaS4Q35oqjlDjlAHdTkg6jcbVo5nZrHeRYXiO32FBioOdJ311gR62YkdrqsbNTsNblqHhRuIW9itEFRCdDCx-QnfTkkcVwg-04z~wPDDieEeGyOPMq7oHA0kHeKwIWFk14p5mgN52ryTKD1NzbYBYl2wXPjk~AxinzR~LKt2fu~xHupHO0lz0nMznVavcxIuk9FRt2GAcIem8oN9DvChUHJIfUwWBMm7N-V4vnJeMWXdWJGgWOw__&Key-Pair-Id=APKAJLOHF5GGSLRBV4ZA

Jarjoui, S., & Murimi, R. (2021). A framework for enterprise cybersecurity risk management. In Advances in cybersecurity management (pp. 139-161). Cham: Springer International Publishing. https://www.researchgate.net/profile/Renita-Murimi/publication/352435737_A_Framework_for_Enterprise_Cybersecurity_Risk_Management/links/629f40696886635d5cc6fdd0/A-Framework-for-Enterprise-Cybersecurity-Risk-Management.pdf

Johnstone, L. (2021). Facilitating sustainability control in SMEs through the implementation of an environmental management system. Journal of Management Control, 32(4), 559-605. https://link.springer.com/content/pdf/10.1007/s00187-021-00329-0.pdf

Kezron, I. E. (2024). A cybersecurity resilience framework for underserved rural SMEs in critical infrastructure supply chains: Strengthening operational continuity and threat response in digitally vulnerable sectors. World Journal of Advanced Research and Reviews, 24(3), 3464-3477. https://www.researchgate.net/profile/Edward-Isabirye/publication/392900639_A_cybersecurity_resilience_framework_for_underserved_rural_SMEs_in_critical_infrastructure_supply_chains_Strengthening_operational_continuity_and_threat_response_in_digitally_vulnerable_regions/links/6856f5ea99d2ce32c1ca0d86/A-cybersecurity-resilience-framework-for-underserved-rural-SMEs-in-critical-infrastructure-supply-chains-Strengthening-operational-continuity-and-threat-response-in-digitally-vulnerable-regions.pdf

Kianpour, M., & Raza, S. (2024). More than malware: unmasking the hidden risk of cybersecurity regulations. International Cybersecurity Law Review, 5(1), 169-212. https://link.springer.com/content/pdf/10.1365/s43439-024-00111-7.pdf

Krishnan, R. (2024). Challenges and benefits for small and medium enterprises in the transformation to smart manufacturing: a systematic literature review and framework. Journal of Manufacturing Technology Management, 35(4), 918-938. https://www.emerald.com/jmtm/article-abstract/35/4/918/1219381/Challenges-and-benefits-for-small-and-medium?redirectedFrom=fulltext

Sabidi, M. L., & Zolkipli, M. F. (2024). The Role of Risk Management in Cybersecurity Protocols. Borneo International Journal eISSN 2636-9826, 7(2), 77-81. https://scholar.google.com/scholar?hl=en&as_sdt=0%2C5&as_ylo=2021&q=Sabidi%2C+M.+L.%2C+%26+Zolkipli%2C+M.+F.+%282024%29.+The+Role+of+Risk+Management+in+Cybersecurity+Protocols.+Borneo+International+Journal+eISSN+2636-9826%2C+7%282%29%2C+77-81.&btnG =

Sikder, A. S. (2023). Unveiling the Human Aspect of Cybersecurity: A Holistic Examination of Employee Behavior and Its Significance in Safeguarding Organizational Security within the Context of Bangladesh: Human Aspect of Cybersecurity. International Journal of Imminent Science & Technology., 1(1), 199-215. https://www.researchgate.net/publication/385775980_Unveiling_the_Human_Aspect_of_Cybersecurity_A_Holistic_Examination_of_Employee_Behavior_and_Its_Significance_in_Safeguarding_Organizational_Security_within_the_Context_of_Bangladesh_Human_Aspect_of_Cy

Thummala, V. R., & Bindewari, S. (2024). Optimizing Cybersecurity Practices through Compliance and Risk Assessment. International Journal of Research Radicals in Multidisciplinary Fields, ISSN, 910-930. https://www.researchgate.net/profile/Venkata-Thummala/publication/390446033_Optimizing_Cybersecurity_Practices_through_Compliance_and_Risk_Assessment/links/67ee2c2403b8d7280e1e445b/Optimizing-Cybersecurity-Practices-through-Compliance-and-Risk-Assessment.pdf