Understanding cybersecurity awareness in Malaysian SMEs: The role of knowledge, resources, experience, and policy

This study aims to investigate the key determinants of cybersecurity awareness among Malaysian small and medium-sized enterprises (SMEs), focusing on cybersecurity knowledge, access to resources, past experiences with cyber incidents, and government policies. A quantitative research design was adopted, collecting data from 240 SME owners across diverse sectors using an online survey. The data were analyzed using multiple regression techniques via SPSS to assess the impact of the independent variables on cybersecurity awareness. Findings reveal that cybersecurity knowledge is the strongest predictor of awareness, followed by access to cybersecurity resources and prior experience with cyber incidents. Although government policies and industry initiatives positively influence awareness, their impact is comparatively modest, indicating gaps in outreach and engagement. The study highlights the critical role of educational interventions and resource accessibility in enhancing SME cybersecurity resilience. Practical implications suggest that policymakers and industry stakeholders should focus on tailored training programs, affordable cybersecurity tools, and simplified policy communication to increase SME participation. Additionally, fostering platforms for SMEs to share experiences may promote collective learning and preparedness. This research contributes theoretical insights by integrating the Technology Acceptance Model and Protection Motivation Theory within the SME context in an emerging economy, offering a comprehensive understanding of behavioral and structural factors influencing cybersecurity awareness. The findings support more effective strategies to protect vulnerable SMEs, which are crucial for national economic security in the digital age.