Printed from https://ideas.repec.org/a/eee/tefoso/v223y2026ics0040162525004871.html

Managing cybersecurity risks in Small businesses: A simulation-based decision framework

Author

Listed:
  • Rice, John
  • Martin, Nigel

Abstract

In 2021, the World Economic Forum identified cybersecurity failure, with a risk factor approaching thirteen (Rf = 12.96), as the major technological threat to global communities over the next decade. Given this rising disquiet, the selection and implementation of security software for small-sized businesses is a growing concern in view of the increasing rates of sophisticated attacks and financial losses each year. In this context, small business (SB) security software implementation is an important management task that requires consideration of network components, security protections, management tools, installation complexity, and additional security features. In this study, 106 IT managers provided their perspectives on the selection, procurement, and installation of five (blinded) brands of security software in a simulated SB. Monte Carlo simulations, incorporating key variables such as security software costs, project costs, risk-based contingency levels, and estimated avoided financial losses, were used to assess the likelihood of project success and financial impacts. The simulations demonstrate that SB owners must monitor and contain technical risks in their security software installation projects to reduce the probability of financial losses. Results highlight the importance of tools capable of protecting computing infrastructure and corporate data assets from theft, ransomware threats that significantly reduce SB survival rates, and malware designed to evade detection. Importantly, the Monte Carlo simulations show that SB owners must work to monitor and contain technical risks in their security software installation projects, thereby reducing the opportunities for financial losses to the business. The study suggests that SBs can avert high-cost cybersecurity problems with relatively modest financial outlays.

Suggested Citation

  • Rice, John & Martin, Nigel, 2026. "Managing cybersecurity risks in Small businesses: A simulation-based decision framework," Technological Forecasting and Social Change, Elsevier, vol. 223(C).
  • Handle: RePEc:eee:tefoso:v:223:y:2026:i:c:s0040162525004871
    DOI: 10.1016/j.techfore.2025.124456

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S0040162525004871
    Download Restriction: Full text for ScienceDirect subscribers only


    References listed on IDEAS

    1. Aleksandr Ključnikov & Ladislav Mura & David Sklenár, 2019. "Information security management in SMEs: factors of success," Entrepreneurship and Sustainability Issues, VsI Entrepreneurship and Sustainability Center, vol. 6(4), pages 2081-2094, June.
    2. Lee, In, 2021. "Cybersecurity: Risk management framework and investment cost analysis," Business Horizons, Elsevier, vol. 64(5), pages 659-671.
    3. Zdzislaw POLKOWSKI & Jakub DYSARZ, 2017. "It Security Management In Small And Medium Enterprises," Scientific Bulletin - Economic Sciences, University of Pitesti, vol. 16(3), pages 134-148.
    4. Benz, Michael & Chatterjee, Dave, 2020. "Calculated risk? A cybersecurity evaluation tool for SMEs," Business Horizons, Elsevier, vol. 63(4), pages 531-540.
    5. Katia Passerini & Ayman El Tarabishy & Karen Patten, 2012. "Information Technology for Small Business," Springer Books, Springer, edition 127, number 978-1-4614-3040-7, January.
    6. Jie Zhang & Xin Luo & Somasheker Akkaladevi & Jennifer Ziegelmayer, 2009. "Improving multiple-password recall: an empirical study," European Journal of Information Systems, Taylor & Francis Journals, vol. 18(2), pages 165-176, April.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Kaur, Harpreet & Gupta, Mahima & Singh, Surya Prakash, 2024. "Integrated model to optimize supplier selection and investments for cyber resilience in digital supply chains," International Journal of Production Economics, Elsevier, vol. 275(C).
    2. Meghisan-Toma Georgeta-Madalina & Nicula Vasile Cosmin, 2020. "ICT Security Measures for the Companies within European Union Member States – Perspectives in COVID-19 Context," Proceedings of the International Conference on Business Excellence, Sciendo, vol. 14(1), pages 362-370, July.
    3. Agbodoh-Falschau, Kouassi Raymond & Ravaonorohanta, Bako Harinivo, 2023. "Investigating the influence of governance determinants on reporting cybersecurity incidents to police: Evidence from Canadian organizations’ perspectives," Technology in Society, Elsevier, vol. 74(C).
    4. Slapničar, Sergeja & Axelsen, Micheal & Bongiovanni, Ivano & Stockdale, David, 2023. "A pathway model to five lines of accountability in cybersecurity governance," International Journal of Accounting Information Systems, Elsevier, vol. 51(C).
    5. Wei Yu & Huiqin Huang & Xinyan Kong & Keying Zhu, 2023. "Can Digital Inclusive Finance Improve the Financial Performance of SMEs?," Sustainability, MDPI, vol. 15(3), pages 1-16, January.
    6. Brho, Mazen & Jazairy, Amer & Glassburner, Aaron V., 2025. "The finance of cybersecurity: Quantitative modeling of investment decisions and net present value," International Journal of Production Economics, Elsevier, vol. 279(C).
    7. Judit Oláh & Yusmar Ardhi Hidayat & Beata Gavurova & Muhammad Asif Khan & József Popp, 2021. "Trust levels within categories of information and communication technology companies," PLOS ONE, Public Library of Science, vol. 16(6), pages 1-21, June.
    8. Jani KINNUNEN & Armenia ANDRONICEANU & Irina GEORGESCU, 2019. "Digitalization Of Eu Countries: A Clusterwise Analysis," Proceedings of the INTERNATIONAL MANAGEMENT CONFERENCE, Faculty of Management, Academy of Economic Studies, Bucharest, Romania, vol. 13(1), pages 1-12, November.
    9. Idiano D’Adamo & Rocío González-Sánchez & Maria Sonia Medina-Salgado & Davide Settembre-Blundo, 2021. "E-Commerce Calls for Cyber-Security and Sustainability: How European Citizens Look for a Trusted Online Environment," Sustainability, MDPI, vol. 13(12), pages 1-17, June.
    10. Henock Mulugeta Melaku, 2023. "Context-Based and Adaptive Cybersecurity Risk Management Framework," Risks, MDPI, vol. 11(6), pages 1-22, May.
    11. Rajan, Rishabh & Rana, Nripendra P. & Parameswar, Nakul & Dhir, Sanjay & Sushil, & Dwivedi, Yogesh K., 2021. "Developing a modified total interpretive structural model (M-TISM) for organizational strategic cybersecurity management," Technological Forecasting and Social Change, Elsevier, vol. 170(C).
    12. Warut Khern-am-nuai & Matthew J. Hashim & Alain Pinsonneault & Weining Yang & Ninghui Li, 2023. "Augmenting Password Strength Meter Design Using the Elaboration Likelihood Model: Evidence from Randomized Experiments," Information Systems Research, INFORMS, vol. 34(1), pages 157-177, March.
    13. Domingo Fernández-Uclés & Adoración Mozas-Moral & Enrique Bernal-Jurado & Raquel Puentes-Poyatos, 2024. "Online reputation of agri-food companies and determining factors: an empirical investigation," Review of Managerial Science, Springer, vol. 18(2), pages 363-384, February.
    14. Ben Kejwang, 2022. "Effect of cybersecurity risk management practices on performance of insurance sector: A review of literature," International Journal of Research in Business and Social Science (2147-4478), Center for the Strategic Studies in Business and Finance, vol. 11(6), pages 334-340, September.
    15. Anne Charina & Ganjar Kurnia & Asep Mulyana & Kosuke Mizuno, 2022. "The Impacts of Traditional Culture on Small Industries Longevity and Sustainability: A Case on Sundanese in Indonesia," Sustainability, MDPI, vol. 14(21), pages 1-16, November.
    16. Kung‐Cheng Ho & Shih‐Cheng Lee & Zikui Pan & Andreas karathanasopoulos, 2026. "How Does Cyber Risk Impact Systemic Stability?," Journal of Forecasting, John Wiley & Sons, Ltd., vol. 45(2), pages 589-604, March.
    17. Moussa, Fatima Zahra & Zine-Dine, Khalid, 2025. "The impact of cyber-attacks on cybersecurity investment game model," Chaos, Solitons & Fractals, Elsevier, vol. 200(P2).
    18. Ardita TODRI & Petraq PAPAJORGJI, 2024. "Artificial Intelligence Waves In Financial Services Industry: An Evolution Factorial Analysis," Regional Science Inquiry, Hellenic Association of Regional Scientists, vol. 0(2), pages 63-75, June.
    19. Saif Hussein Abdallah Alghazo & Norshima Humaidi & Shereen Noranee, 2023. "Assessing Information Security Competencies of Firm Leaders towards Improving Procedural Information Security Countermeasure: Awareness and Cybersecurity Protective Behavior," Information Management and Business Review, AMH International, vol. 15(1), pages 1-13.
    20. Arroyabe, Marta F. & Arranz, Carlos F.A. & Fernandez De Arroyabe, Ignacio & Fernandez de Arroyabe, Juan Carlos, 2024. "Exploring the economic role of cybersecurity in SMEs: A case study of the UK," Technology in Society, Elsevier, vol. 78(C).
