IDEAS home Printed from https://ideas.repec.org/a/spr/infosf/v21y2019i6d10.1007_s10796-019-09959-1.html
   My bibliography  Save this article

Investigating the Security Divide between SME and Large Companies: How SME Characteristics Influence Organizational IT Security Investments

Author

Listed:
  • Margareta Heidt

    (Technische Universität Darmstadt)

  • Jin P. Gerlach

    (Technische Universität Darmstadt)

  • Peter Buxmann

    (Technische Universität Darmstadt)

Abstract

Lagging IT security investments in small and medium-sized enterprises (SME) point towards a security divide between SME and large enterprises, yet our structured literature review shows that organizational IT security research has largely neglected the SME context. In an effort to expose reasons for this divide, we build on extant research to conceptualize SME-specific characteristics in a framework and suggest propositions regarding their influence on IT security investments. Based on 25 expert interviews, emerging constraints are investigated and validated. Our findings imply that several widely held assumptions in extant IT security literature should be modified if researchers claim generalizability of their results in an SME context. Exemplary assumptions include the presence of skilled workforce, documented processes or IT-budget planning which are often un(der) developed in SME. Additionally, our study offers context-specific insights regarding particular effects of identified constraints on IT security investments for all involved stakeholders (researchers, SME, large enterprises, governments).

Suggested Citation

  • Margareta Heidt & Jin P. Gerlach & Peter Buxmann, 2019. "Investigating the Security Divide between SME and Large Companies: How SME Characteristics Influence Organizational IT Security Investments," Information Systems Frontiers, Springer, vol. 21(6), pages 1285-1305, December.
    • Handle: RePEc:spr:infosf:v:21:y:2019:i:6:d:10.1007_s10796-019-09959-1
    DOI: 10.1007/s10796-019-09959-1
    as

    Download full text from publisher

    File URL: http://link.springer.com/10.1007/s10796-019-09959-1
    File Function: Abstract
    Download Restriction: Access to the full text of the articles in this series is restricted.
    File URL: https://libkey.io/10.1007/s10796-019-09959-1?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Kuo-chung Chang & Chih-ping Wang, 2011. "Information systems resources and information security," Information Systems Frontiers, Springer, vol. 13(4), pages 579-593, September.
    2. Robert J. Bennett & Paul J. A. Robson, 2004. "The role of trust and contract in the supply of business advice," Cambridge Journal of Economics, Oxford University Press, vol. 28(4), pages 471-488, July.
    3. Ajzen, Icek, 1991. "The theory of planned behavior," Organizational Behavior and Human Decision Processes, Elsevier, vol. 50(2), pages 179-211, December.
    4. Lucia Piscitello & Francesca Sgobbi, 2004. "Globalisation, E-Business and SMEs: Evidence from the Italian District of Prato," Small Business Economics, Springer, vol. 22(5), pages 333-347, June.
    5. Chul Ho Lee & Xianjun Geng & Srinivasan Raghunathan, 2013. "Contracting Information Security in the Presence of Double Moral Hazard," Information Systems Research, INFORMS, vol. 24(2), pages 295-311, June.
    6. Esther Gal-Or & Anindya Ghose, 2005. "The Economic Incentives for Sharing Security Information," Information Systems Research, INFORMS, vol. 16(2), pages 186-208, June.
    7. Ruby Roy Dholakia & Nir Kshetri, 2004. "Factors Impacting the Adoption of the Internet among SMEs," Small Business Economics, Springer, vol. 23(4), pages 311-322, November.
    8. Jingguo Wang & Aby Chaudhury & H. Raghav Rao, 2008. "Research Note ---A Value-at-Risk Approach to Information Security Investment," Information Systems Research, INFORMS, vol. 19(1), pages 106-120, March.
    9. Jonas Agell, 2004. "Why are Small Firms Different? Managers’ Views," Scandinavian Journal of Economics, Wiley Blackwell, vol. 106(3), pages 437-452, October.
    10. Sonnenschein, Rabea & Loske, André & Buxmann, Peter, 2017. "The Role of Top Managers’ IT Security Awareness in Organizational IT Security Management," Publications of Darmstadt Technical University, Institute for Business Studies (BWL) 92784, Darmstadt Technical University, Department of Business Administration, Economics and Law, Institute for Business Studies (BWL).
    11. Thong, James Y. L., 2001. "Resource constraints and information systems implementation in Singaporean small businesses," Omega, Elsevier, vol. 29(2), pages 143-156, April.
    12. Hwee-Joo Kam & Thomas Mattson & Sanjay Goel, 0. "A Cross Industry Study of Institutional Pressures on Organizational Effort to Raise Information Security Awareness," Information Systems Frontiers, Springer, vol. 0, pages 1-24.
    13. Chang-Gyu Yang & Hee-Jun Lee, 2016. "A study on the antecedents of healthcare information protection intention," Information Systems Frontiers, Springer, vol. 18(2), pages 253-263, April.
    14. Tawei Wang & Karthik N. Kannan & Jackie Rees Ulmer, 2013. "The Association Between the Disclosure and the Realization of Information Security Risk Factors," Information Systems Research, INFORMS, vol. 24(2), pages 201-218, June.
    15. Detmar W. Straub, 1990. "Effective IS Security: An Empirical Study," Information Systems Research, INFORMS, vol. 1(3), pages 255-276, September.
    16. Carol Hsu & Jae-Nam Lee & Detmar W. Straub, 2012. "Institutional Influences on Information Systems Security Innovations," Information Systems Research, INFORMS, vol. 23(3-part-2), pages 918-939, September.
    17. Beck, Thorsten & Demirguc-Kunt, Asli, 2006. "Small and medium-size enterprises: Access to finance as a growth constraint," Journal of Banking & Finance, Elsevier, vol. 30(11), pages 2931-2943, November.
    18. Thong, J. Y. L. & Yap, C. S., 1995. "CEO characteristics, organizational characteristics and information technology adoption in small businesses," Omega, Elsevier, vol. 23(4), pages 429-442, August.
    19. Mayadunne, Sanjaya & Park, Sungjune, 2016. "An economic model to evaluate information security investment of risk-taking small and medium enterprises," International Journal of Production Economics, Elsevier, vol. 182(C), pages 519-530.
    20. Dutta, Soumitra & Evrard, Philippe, 1999. "Information technology and organisation within European small enterprises," European Management Journal, Elsevier, vol. 17(3), pages 239-251, June.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Elvira Ismagilova & Laurie Hughes & Nripendra P. Rana & Yogesh K. Dwivedi, 2022. "Security, Privacy and Risks Within Smart Cities: Literature Review and Development of a Smart City Interaction Framework," Information Systems Frontiers, Springer, vol. 24(2), pages 393-414, April.
    2. Simon Kratzer & Andreas Drechsler & Markus Westner & Susanne Strahringer, 2022. "The Fractional CIO in SMEs: conceptualization and research agenda," Information Systems and e-Business Management, Springer, vol. 20(3), pages 581-611, September.
    3. Marcel Rolf Pfeifer, 2021. "Development of a Smart Manufacturing Execution System Architecture for SMEs: A Czech Case Study," Sustainability, MDPI, vol. 13(18), pages 1-23, September.
    4. Chenglong Zhang & Nan Feng & Jianjian Chen & Dahui Li & Minqiang Li, 2021. "Outsourcing Strategies for Information Security: Correlated Losses and Security Externalities," Information Systems Frontiers, Springer, vol. 23(3), pages 773-790, June.
    5. Abderrazak Laghouag & Faiz bin Zafrah & Mohamed Rafik Noor Mohamed Qureshi & Alhussain Ali Sahli, 2024. "Eliminating Non-Value-Added Activities and Optimizing Manufacturing Processes Using Process Mining: A Stock of Challenges for Family SMEs," Sustainability, MDPI, vol. 16(4), pages 1-20, February.
    6. Charlotte Wendt & Martin Adam & Alexander Benlian & Sascha Kraus, 2022. "Let’s Connect to Keep the Distance: How SMEs Leverage Information and Communication Technologies to Address the COVID-19 Crisis," Information Systems Frontiers, Springer, vol. 24(4), pages 1061-1079, August.
    7. Chenglong Zhang & Nan Feng & Jianjian Chen & Dahui Li & Minqiang Li, 0. "Outsourcing Strategies for Information Security: Correlated Losses and Security Externalities," Information Systems Frontiers, Springer, vol. 0, pages 1-18.
    8. Federico Iannacci & Colm Fearon & Kristine Pole, 2021. "From Acceptance to Adaptive Acceptance of Social Media Policy Change: a Set-Theoretic Analysis of B2B SMEs," Information Systems Frontiers, Springer, vol. 23(3), pages 663-680, June.
    9. Alessandro Acquisti & Tamara Dinev & Mark Keil, 2019. "Editorial: Special issue on cyber security, privacy and ethics of information systems," Information Systems Frontiers, Springer, vol. 21(6), pages 1203-1205, December.
    10. You-Shyang Chen & Jerome Chih-Lung Chou & Yu-Sheng Lin & Ying-Hsun Hung & Xuan-Han Chen, 2023. "Identification of SMEs in the Critical Factors of an IS Backup System Using a Three-Stage Advanced Hybrid MDM–AHP Model," Sustainability, MDPI, vol. 15(4), pages 1-29, February.
    11. Tejaswini C. Herath & Hemantha S. B. Herath & David Cullum, 2023. "An Information Security Performance Measurement Tool for Senior Managers: Balanced Scorecard Integration for Security Governance and Control Frameworks," Information Systems Frontiers, Springer, vol. 25(2), pages 681-721, April.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Vu Linh Toan Le & Tien Hoang Nguyen & Khanh Duy Pham, 2023. "What Drives Industry 4.0 Technologies Adoption? Evidence from a SEM-Neural Network Approach in the Context of Vietnamese Firms," Sustainability, MDPI, vol. 15(7), pages 1-32, March.
    2. Ramzi El-Haddadeh, 0. "Digital Innovation Dynamics Influence on Organisational Adoption: The Case of Cloud Computing Services," Information Systems Frontiers, Springer, vol. 0, pages 1-15.
    3. Ramzi El-Haddadeh, 2020. "Digital Innovation Dynamics Influence on Organisational Adoption: The Case of Cloud Computing Services," Information Systems Frontiers, Springer, vol. 22(4), pages 985-999, August.
    4. Xing Gao & Weijun Zhong, 2016. "A differential game approach to security investment and information sharing in a competitive environment," IISE Transactions, Taylor & Francis Journals, vol. 48(6), pages 511-526, June.
    5. Masoud, Najeb & Al-Utaibi, Ghassan, 2022. "The determinants of cybersecurity risk disclosure in firms’ financial reporting: Empirical evidence," Research in Economics, Elsevier, vol. 76(2), pages 131-140.
    6. Giotopoulos, Ioannis & Kontolaimou, Alexandra & Korra, Efthymia & Tsakanikas, Aggelos, 2017. "What drives ICT adoption by SMEs? Evidence from a large-scale survey in Greece," Journal of Business Research, Elsevier, vol. 81(C), pages 60-69.
    7. Guych Nuryyev & Yu-Ping Wang & Jennet Achyldurdyyeva & Bih-Shiaw Jaw & Yi-Shien Yeh & Hsien-Tang Lin & Li-Fan Wu, 2020. "Blockchain Technology Adoption Behavior and Sustainability of the Business in Tourism and Hospitality SMEs: An Empirical Study," Sustainability, MDPI, vol. 12(3), pages 1-21, February.
    8. Chenglong Zhang & Nan Feng & Jianjian Chen & Dahui Li & Minqiang Li, 0. "Outsourcing Strategies for Information Security: Correlated Losses and Security Externalities," Information Systems Frontiers, Springer, vol. 0, pages 1-18.
    9. Chenglong Zhang & Nan Feng & Jianjian Chen & Dahui Li & Minqiang Li, 2021. "Outsourcing Strategies for Information Security: Correlated Losses and Security Externalities," Information Systems Frontiers, Springer, vol. 23(3), pages 773-790, June.
    10. Tawei Wang & Karthik N. Kannan & Jackie Rees Ulmer, 2013. "The Association Between the Disclosure and the Realization of Information Security Risk Factors," Information Systems Research, INFORMS, vol. 24(2), pages 201-218, June.
    11. Marieme Chouki & Mohamed Talea & Chafik Okar & Razane Chroqui, 2020. "Barriers to Information Technology Adoption Within Small and Medium Enterprises: A Systematic Literature Review," International Journal of Innovation and Technology Management (IJITM), World Scientific Publishing Co. Pte. Ltd., vol. 17(01), pages 1-42, February.
    12. Gianluca Vagnani & Corrado Gatti & Luca Proietti, 2019. "A conceptual framework of the adoption of innovations in organizations: a meta-analytical review of the literature," Journal of Management & Governance, Springer;Accademia Italiana di Economia Aziendale (AIDEA), vol. 23(4), pages 1023-1062, December.
    13. Kjell Hausken, 2017. "Security Investment, Hacking, and Information Sharing between Firms and between Hackers," Games, MDPI, vol. 8(2), pages 1-23, May.
    14. Jamil Paolo Francisco & Tristan Canare & Jean Rebecca Labios, 2018. "Obstacles and Enablers of Internationalization of Philippine SMEs Through Participation in Global Value Chains," Working Papers id:12905, eSocialSciences.
    15. Naruemon Choochinprakarn, 2015. "Strategic Uses of Electronic Commerce for Thai Travel Small and Medium Enterprises (SMEs)," Proceedings of Business and Management Conferences 2303915, International Institute of Social and Economic Sciences.
    16. Silva, Leiser & Hsu, Carol & Backhouse, James & McDonnell, Aidan, 2016. "Resistance and power in a security certification scheme: the case of c:cure," LSE Research Online Documents on Economics 68348, London School of Economics and Political Science, LSE Library.
    17. Willison , Robert, 2006. "Understanding the Perpetration of Employee Computer Crime in the Organisational Context," Working Papers 2006-4, Copenhagen Business School, Department of Informatics.
    18. Won, Jeong Yeon & Park, Min Jae, 2020. "Smart factory adoption in small and medium-sized enterprises: Empirical evidence of manufacturing industry in Korea," Technological Forecasting and Social Change, Elsevier, vol. 157(C).
    19. John D’Arcy & Idris Adjerid & Corey M. Angst & Ante Glavas, 2020. "Too Good to Be True: Firm Social Performance and the Risk of Data Breach," Information Systems Research, INFORMS, vol. 31(4), pages 1200-1223, December.
    20. Yong Wu & Gengzhong Feng & Richard Y. K. Fung, 2018. "Comparison of information security decisions under different security and business environments," Journal of the Operational Research Society, Taylor & Francis Journals, vol. 69(5), pages 747-761, May.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:spr:infosf:v:21:y:2019:i:6:d:10.1007_s10796-019-09959-1. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: http://www.springer.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.