Investigating cyber resilience in Small, Medium, and Micro Enterprises (SMME’s) in Gauteng

Abstract

Cyber resilience is becoming increasingly vital for Small, Medium, and Micro Enterprises (SMMEs) to withstand and quickly recover from cyber threats. This qualitative study investigates the cyber resilience strategies, critical success factors, and best practices within SMMEs in Gauteng, South Africa. The research aims to understand SMMEs approach to cyber resilience and whether they incorporate all dimensions of the Cyber Resilience-Self Assessment Tool (CR- SAT), a framework specifically recommended for enhancing the cyber resilience of SMMEs. The study identifies key critical success factors that are prevalent among Gauteng’s SMMEs. The methodology involves semi-structured interviews with business owners, IT Managers, and cybersecurity experts within a variety of SMMEs in Gauteng. The selection of participants ensures representation across different industries to allow for comprehensive insights into the cyber resilience landscape within this economic sector. Thematic analysis of the interview data provides an in-depth understanding of the experiences, practices, and perceptions of cyber resilience among participants. Preliminary findings reveal that while some SMMEs demonstrate awareness and implementation of cyber resilience best practices, there is a varied degree of adoption concerning the CR-SAT framework. Several critical success factors emerge, these include adoption of best practices in implementation of training and awareness, risk management, business continuity, the implementation of incident response plans, outsourcing, dealing with credible vendors. However, the research also identifies significant gaps in knowledge and resource constraints, which impede full-scale implementation of recommended cyber resilience measures