With much effort being placed on the physical, procedural, and technological solutions for Information Systems (IS) cybersecurity, research studies tend to focus their efforts on large organizations while overlooking very small organizations (below 50 employees). This study addressed the failure to prevent data breaches in Very Small Enterprises (VSEs). VSEs contribute significantly to the economy but are more prone to cyber-attacks due to the limited risk mitigations on their systems and the low cybersecurity skills of their employees. VSEs utilize Point-of-Sale (POS) systems that are exposed to cyberspace, yet they are often not equipped to prevent complex cybersecurity issues, which can put them at risk of a data breach. In addition, the absence of federal laws that force VSEs to adhere to standards such as the Payment Card Industry Data Security Standard (PCI-DSS) leaves it to the discretion of the VSEs to invest in cybersecurity countermeasures aimed at preventing a data breach. Therefore, this study investigated the role that cybersecurity social responsibility plays in motivating the owners of these companies to engage in cybersecurity measures geared at preventing data breaches.
This study developed a cybersecurity risk-responsibility taxonomy, validated using Subject Matter Experts (SMEs), based on the constructs of VSE owners’ perceived cybersecurity social responsibility (CySR) and risk of data breach (RDB), in order to better understand their level of exposure to a data breach. Exploratory Factor Analysis (EFA) using Principal Component Analysis (PCA) was conducted to extract the significant factors for CySR and RDB. The study also addressed whether there were significant differences in VSE owners’ perceived RDB and perceived CySR based on three demographics: (1) type of industry, (2) implementation of chip technology, (3) compliance with PCI-DSS.
This study was conducted in three phases. Phase 1 utilized a panel of 13 information security SMEs and used the Delphi technique to review characteristics for RDB and CySR that were derived from literature. The results of the expert review were subjected to further validation by means of a pilot study using a small sample of the study population (Phase 2). The pilot study population included 20 organizations, with the number of employees ranging from fewer than five to 50, across seven different industries.
Phase 3 of the study included the main data collection using the modified survey instrument from the pilot study. A total of 105 VSEs anonymously participated in the main data collection phase of the study. The collected data was subjected to EFA, which identified three factors comprising 15 items for RDB and two factors comprising 13 items for CySR. In addition, descriptive statistics were obtained and evaluated to determine if significant differences exist in VSE owners’ perceived RDB based on type of industry, implementation of Europay, Mastercard and Visa (EMV) chip technology, and compliance with PCI-DSS. One-way Analysis of Variance (ANOVA) was used to evaluate whether significant differences existed based on the VSEs' demographics.
The results of the study indicated that there was a statistically significant difference in both RDB and CySR for industry, use of EMV chip, and PCI-DSS compliance. This study demonstrates that there is a relationship between CySR and cybersecurity and that the CySR instrument could be used to assess cybersecurity practices in small businesses. In addition, this study may assist organizations in understanding and mitigating cybersecurity data breaches.
|Committee:||Terrell, Steven, Delak, Bostjan|
|School:||Nova Southeastern University|
|Department:||Information Systems (DISS)|
|School Location:||United States -- Florida|
|Source:||DAI-A 82/6(E), Dissertation Abstracts International|
|Subjects:||Information Technology, Computer science, Management, Information science, Business administration, Organization Theory|
|Keywords:||Corporate social responsibility, Credit card breach, Cybersecurity, Data breach, Information Systems, Small business, Very Small Enterprises, Subject Matter Experts (SMEs), Risk-responsibility taxonomy|
Copyright in each Dissertation and Thesis is retained by the author. All Rights Reserved