New research to help SMEs improve cyber security with targeted support

Cyber security banner

Dr Jason R.C. Nurse, Public Engagement Lead of iCSS, is involved in a new research project which will help businesses understand and improve their cyber security and streamline access to targeted support.

The Engineering & Physical Sciences Research Council (EPSRC) of the UK Research and Innovation (UKRI) has awarded almost £700,000 funding for the project to enhance understanding of small and medium-sized enterprises (SMEs)’ cyber security support needs and their ability to address them. The funding was secured as a response to the EPSRC call on “Research aligned with cybersecurity research institutes”, and the new project is aligned with the Research Institute for Sociotechnical Cyber Security (RISCS).

The research aims to establish pilot Cyber Security Communities of Support (CyCOS), bringing together SMEs and advisory sources for practical help and support. The DCMS (Department for Digital, Culture, Media & Sport)’s UK Cyber Security Breaches Survey 2022 indicates that half of small and a third of micro businesses experienced breaches or attacks in the last year. Whilst they do seek external guidance in relation to cyber security, they do so via a huge range of sources, and often find themselves overwhelmed with information and unable to understand the advice.

Dr Nurse will work alongside Professor Steven Furnell at the University of Nottingham, who is leading the project, and Dr Maria Bada from Queen Mary University of London.

The research will investigate the support needs of small businesses, to establish their current understanding and confidence around cyber security, and their awareness and perceptions of available support. The investigation will seek to determine the scenarios in which cyber security advice is sought (e.g. during product evaluation, at point of purchase, in response to threats and incidents), and whether it is deemed effective.

The project will also analyse support routes available to these businesses, focusing on the coverage and consistency of advice, as well as the confidence and capacity of those providing it.

Research findings will be used to establish three pilot CyCOS which will include the creation of an online Support Broker, enabling the SMEs to identify support needs and contact advisory sources positioned to help them (which, as the community develops and grows in experience, may include peer support from other SMEs). The project offers upskilling opportunities for advisors and interested SMEs, via foundational cyber security certification to increase their related knowledge and capability.

Dr Nurse said: ‘SMEs represent about 99.9% of the business population in the UK. Cybercriminals know this and target them with a wide range of cyber attacks, scams, and digital threats. At the same time, SMEs struggle to keep up with these threats and source appropriate cyber security support. The CyCOS project aims to provide a much-needed support platform for SMEs to significantly improve their security posture. We do this through the development of a set of novel communities and an excellent team of industry partners including the Home Office, IASME, (ISC)2, and CIISec (Chartered Institute of Information Security).’

The research is supported by strong industry collaboration, with partners including the Home Office, (ISC)2, IASME, CIISec, the Centre for the New Midlands, and three regional Cyber Resilience Centres (CRCs).