SMEs constitute a very large part of the economy in every country, and they play an important role in economic growth and social development. SMEs are frequent targets of cybersecurity attacks similar to large enterprises. However, unlike large enterprises, SMEs mostly have limited capabilities regarding cybersecurity practices. Given the increasing cybersecurity risks and the large impact that the risks may bring to the SMEs, assessing and improving the cybersecurity capabilities is crucial for SMEs for sustainability.
This research aims to provide an approach for the SMEs for assessing and improving their cybersecurity capabilities by integrating key elements from existing industry standards.