Developing a Cybersecurity Framework for Small and Medium Enterprises in the UK

Academic Paper from the year 2024 in the subject Computer Science - Commercial Information Technology, , language: English, abstract: This research fills the existing gap of having a general framework for cybersecurity and comes up with strategies best suited for SMEs in the UK. Due to the large number of SMEs in the UK, the economy heavily depends on them; however, those organizations have many cybersecurity issues due to the lack of funds, the increased number of strict rules, and new/advanced types of cyber threats. The study's goal is to develop an implementable cybersecurity model that can adequately counter these factors and build SME immunity against cyber threats. The first step undertaken in the study is the review of the literature which seeks to establish specific cybersecurity threats that impact SMEs and assess the preparedness of existing architectures in supporting SMEs. According to it, there is a step-wise cybersecurity framework in terms of policies, standards, and guidelines suitable for SMEs based on their operations and regulatory policies. Examples of Manufacturing, Financial Services, and Healthcare industries make the study applicable and offer practical evidence of the framework application. Specifically, key findings stress that network segmentation and employee training, which are vital yet inexpensive approaches, are indispensable for addressing cyber threats. The general picture leads to the identification of the regulation as the most important area of concern that directly relates to GDPR and industry standards with an emphasis on ongoing monitoring and updates. Concerning the proposed cybersecurity architecture, ranging from perimeter to data protection layers, it provides a conceptual framework for protecting SMEs' IT resources. Possible future research directions include the utilization of new technologies like AI and machine learning for improved threat detection, the improvement of cybersecurity knowledge among the different levels of society, and the involvement of SMEs, cybersecurity specialists, and regulatory entities.