scieee Science in your language
[en] (orig)

Breach prevention strategies for cybersecurity in US SMEs and healthcare organizations description

Author: Adedoyin, Adebayo; Farinde, Oluwakemi; Ogunsola, Omotayo; Chiobi, Nonso Fred; Akinola, Omolola
Publisher: Zenodo
DOI: 10.5281/zenodo.17339225
Source: https://zenodo.org/records/17339225/files/WJARR-2025-0049.pdf
 Co esponding au ho : Adebayo Adedoyin
Copy igh © 2025 Au ho (s) e ain he copy igh o his a icle. This a icle is published unde he e ms o he C ea i e Commons A ibu ion License 4.0.
B each p e en ion s a egies o cybe secu i y in US SMEs and heal hca e
o ganiza ions desc ip ion
Adebayo Adedoyin 1, , Oluwakemi Fa inde 2, Omo ayo Ogunsola 1, Nonso F ed Chiobi 1 and Omolola Akinola 3
1 Lama uni e si y, Beaumon , Texas.
2 Uni e si y o Essex, Uni ed Kingdom.
3 Uni e si y o he cumbe lands, Ken ucky, USA.
Wo ld Jou nal o Ad anced Resea ch and Re iews, 2025, 26(02), 3068-3095
Publica ion his o y: Recei ed on 04 Decembe 2024; e ised on 12 Ap il 2025; accep ed on 14 Ap il 2025
A icle DOI: h ps://doi.o g/10.30574/wja .2025.26.2.0049
Abs ac
In oduc ion: Small and medium-sized en e p ises (SMEs) and heal hca e o ganiza ions in he Uni ed S a es ace
signi ican cybe secu i y challenges, wi h s udies indica ing ha o e 60% o SMEs ha e expe ienced a da a b each in
ecen yea s. This s udy explo es he c i ical s a egies and bes p ac ices o p e en ing da a b eaches and enhancing
cybe secu i y esilience wi hin hese o ganiza ions. The digi al ans o ma ion o business ope a ions has exposed
SMEs and heal hca e o ganiza ions o a g owing landscape o cybe secu i y isks. These en i ies o en lack he
esou ces, expe ise, and awa eness necessa y o implemen comp ehensi e secu i y measu es, ende ing hem
pa icula ly ulne able o da a b eaches and o he malicious cybe ac i i ies. Fo ins ance, a s udy by he Na ional
Cybe secu i y Cen e ound ha 43% o SMEs in he U.S. epo ed a cybe secu i y b each in he pas 12 mon hs.
Unde s anding he unique challenges aced by SMEs and he heal hca e sec o is c ucial in de eloping e ec i e b each
p e en ion s a egies.
Ma e ials and Me hods: This s udy employs a sys ema ic li e a u e e iew o 35 schola ly a icles, indus y epo s,
and go e nmen publica ions o assess he cu en s a e o cybe secu i y p ac ices and he a ailable s a egies o SMEs
and heal hca e o ganiza ions. The e iew analyses he ac o s in luencing cybe secu i y eadiness, he common
ulne abili ies exploi ed by cybe a acke s, and he eme ging bes p ac ices o enhancing o ganiza ional esilience.
Resul s: The indings indica e ha SMEs and heal hca e o ganiza ions ace signi ican ba ie s in implemen ing obus
cybe secu i y measu es, including limi ed budge s (wi h o e 50% o SMEs spending less han $500 annually on
cybe secu i y) and lack o in-house echnical expe ise (only 28% o SMEs ha e a dedica ed IT secu i y p o essional).
Howe e , he li e a u e also highligh s se e al e ec i e s a egies, such as employee secu i y awa eness aining
(implemen ed by 72% o heal hca e o ganiza ions), implemen ing mul i- ac o au hen ica ion (adop ed by 65% o
SMEs), egula ly upda ing so wa e and sys ems, and de eloping comp ehensi e inciden esponse plans.
Discussion: The s udy emphasizes he c ucial ole o p oac i e and collabo a i e app oaches in add essing he
cybe secu i y challenges aced by SMEs and heal hca e o ganiza ions. Fos e ing public-p i a e pa ne ships, le e aging
go e nmen esou ces and incen i es (u ilized by 41% o SMEs), and p omo ing indus y-speci ic cybe secu i y
amewo ks can help hese en i ies s eng hen hei secu i y pos u e and be e p o ec hei sensi i e da a and c i ical
in as uc u e.
Conclusion: E ec i e b each p e en ion in SMEs and heal hca e o ganiza ions equi es a mul i ace ed app oach ha
combines echnological, o ganiza ional, and human-cen ic s a egies Th ough he iden i ica ion o hese challenges
speci ic o hese en i ies and subsequen adop ion o hese bes p ac ice measu es he en i ies a e be e placed o
imp o e hei o ganiza ional cybe secu i y and p o ec hemsel es agains hese h ea s. The ac - inding o his s udy
Wo ld Jou nal o Ad anced Resea ch and Re iews, 2025, 26(02), 3068-3095
3069
se es as a e e ence guide o bo h SMEs and heal hca e o ganiza ions on how bes o imp o e on hei secu i y
measu es and design ways o igh ing da a loss.
Keywo ds: Cybe secu i y; SMEs; Heal hca e O ganiza ions; Da a B eaches; Risk Managemen ; Th ea De ec ion;
Inciden Response; Regula o y F amewo ks; A i icial In elligence; Machine Lea ning; Vulne abili y Assessmen ; Cybe
Th ea s
1. In oduc ion
1.1. Unde s anding Cybe secu i y Th ea s in SMEs and Heal hca e O ganiza ions
Today, cybe secu i y h ea s ha e e ol ed and ha e become a majo issue o small and medium-sized en e p ises
(SMEs) and heal hca e o ganiza ions in he Uni ed S a es. In his ega d, al hough he wo sec o s ha e di e en
o ganiza ions, hey ha e simila isks, mainly because o limi ed esou ces and li le expe ience in add essing cybe
h ea s. SMEs a e especially a isk gi en ha many only spend below $500 pe annum on cybe secu i y on a e age
(Bagwell, 2016). Howe e , he heal hca e indus y deals wi h a as amoun o pa ien s’ pe sonal da a, and he e o e
becomes a ipe a ge o cybe a acke s. Ne e heless, a signi ican numbe o heal hca e o ganiza ions ha e no
de eloped su icien ly obus means o p o ec ion agains cybe inciden s, aising he co esponding isk o da a
b eaches. This inhe en da a weakness gi es he a acke s a high g ound in he heal hca e acili ies hence becoming
hei da ling a ge . Consequen ly, he e is a need o ensu e mo e a en ion is paid o cybe secu i y h ea s, and be e
ways o mi iga ing he h ea s ha a e now appa en . SMEs and heal hca e o ganisa ions mus o e come hese
cybe secu i y h ea s in o de o educe he isk o hei business.
This means ha by emb acing digi al echnologies, o ganiza ions ha e exposed hemsel es o e en mo e cybe secu i y
h ea s. The s udy conduc ed by he Na ional Cybe secu i y Cen e (2021) e eals ha 43% o he Small and Medium
En e p ises based in he Uni ed S a es ace cybe secu i y a acks annually. Likewise, cybe a acks on he heal hca e
sec o a e e y common, and mos o hese a acks ha e se e e ou comes such as pa ien ’s sa e y and he epu a ion o
heal hca e acili ies (Wilne e al., 2021). Mode n sys ems a e coupled and hence, a ulne abili y in one sys em will lead
o cause and e ec consequences in ano he sys em especially wi hin in e connec ed sys ems such as heal hca e. This
connec i i y os e s he ealiza ion ha a holis ic iew o he cybe secu i y h ea landscape is impo an in o de o
de ise s a egic wa ding o mechanisms. I is c ucial o o ganiza ions o iden i y hese isks and implemen s eps ha
would help educe he impac o he a ack o p e en he h ea om happening.
Figu e 1 Va ious Tools o Cybe secu i y in he Heal hca e Domain. Sou ce: Ja aid e al., 2021
The easons behind cybe a acke s a ge ing SMEs and heal hca e o ganisa ions di e bu a e usually inancially
mo i a ed, spying o o dis up se ices. As es ablished, he impac o cybe a acks can be ca as ophic o SMEs since
Wo ld Jou nal o Ad anced Resea ch and Re iews, 2025, 26(02), 3068-3095
3070
he i ms may su e huge losses, dis up ions in hei ope a ions, and a e likely o old up (Da is, 2020). In he heal hca e
pa icula ly when handling – sensi i e in o ma ion b eaches no only incu ines bu also lead o he loss o us om
he clien s – pa ien s which is an impo an ac o o deli e y o heal hca e se ices. Fo hese easons i is c i ical o
o ganiza ions o conduc ele an analyses o a acks, assess esou ce u iliza ion and imp o e o ganiza ional eadiness
o coun e h ea s e ec i ely. Th ough analyses o h ea s and he measu es o p e en he same, o ganiza ions can
p e en a majo i y o cybe a acks and mi iga e he losses esul ing om he same.
Due o hese challenges, he measu ed impac s o cybe h ea s a e s ill e y high gi en ha small businesses, and
especially he heal hca e o ganiza ions possess li le knowledge, and limi ed inancial capi al which makes i e en ha d
o hem o e en pu in place basic cybe secu i y measu es. This lack o awa eness is why he e is a need o come up
wi h educa ion, policy, and in es men in sui able echnologies needed o handling cybe h ea s (Cook, 2017). To
add ess his dispa i y, hese sec o s equi e cos -e ec i e and business le el cybe secu i y solu ions and ools ha
would sui hei ope a ions and inancial capaci ies. Making su e ha employees a e awa e o he p ocedu es pu in
place o comba cybe h ea s, e iewing hem pe iodically, and deploying he igh echnology can also go a long way
in add essing he issue and making such o ganiza ions less suscep ible o cybe h ea s. Closing his cybe secu i y
de ici is i al o building sus ainable s abili y and sa e y in hese indus ies.
1.2. His o ical E olu ion o Cybe secu i y Measu es in SMEs and Heal hca e
Sou ce. h ps://d ops a .com/blog/heal hca e-managemen /heal hca e-cybe secu i y/
Figu e 2 Ou comes o Heal hca e cybe secu i y B eaches
Cybe secu i y in SMEs and heal hca e has changed d ama ically h oughou he las wo decades because o inno a ions
and changes in egula ion. Fi s , mos companies and business o ganiza ions saw cybe secu i y as a echnical ma e ,
which hey allowed pe sonnel in he IT depa men o deal wi h a e ou sou cing i and neglec ing o make i a p ima y
conce n. These we e he gaps ha we e no unded o ull implemen a ion making o ganiza ions mo e ulne able o
cybe isk. Ne e heless, gi en oday’s global high-p o ile da a b each scena ios, he ole o cybe secu i y has become
mo e o less issue-o ien ed. In pa icula , heal hca e o ganiza ions ha e been expe iencing inc easing p essu e o align
wi h ules and egula ions, o ins ance he Heal h Insu ance Po abili y and Accoun abili y Ac (HIPAA) ha enhanced
s ingen ules o pa ien in o ma ion p o ec ion. The change in egula o y e o s has e en ually u ged he heal hca e
sys ems o deploy signi ican secu i y imp o emen s benchma ks, which aim a mi iga ing isks (Hemann, 2021).
Wo ld Jou nal o Ad anced Resea ch and Re iews, 2025, 26(02), 3068-3095
3071
A compa a i e case analysis o SME and heal hca e o ganisa ions e eals an e olu ion om eliance on he ‘‘ i e igh e ’’
model o de ence owa ds a mo e p oac i e app oach o cybe secu i y. In SMEs, he use o such amewo ks as he
Na ional Ins i u e o S anda ds and Technology (NIST) Cybe secu i y F amewo k ep esen s a u ning poin . This
amewo k enables an o ganiza ion o measu e hese isks hen wo k on how o manage hem as well as inco po a ing
how o moni o isks egula ly hence enhancing secu i y (Benjamin e al., 2019). O e iew In he heal hca e se ing he
in eg a ion o elec onic heal h eco ds (EHRs) has opened up posi i es as well as nega i es. By p o iding be e pa ien
ca e and da a managemen , EHRs pu pa ien s and physicians a highe isks o in usion and calls o be e
cybe secu i y p o ec ion o pa ien s’ da a (El Rob, 2020). Indeed, his again emphasizes he need o ha e complemen a y
solu ions ha can p o ide secu i y o e he echnological de elopmen ha is being o e ed as oppo uni y abo e and
secu i y o e he da a ha migh be ulne able o a ack as he o he side o he same medal.
Howe e , he e is s ill a as disp opo ion be ween la ge co po a ions and SMEs o small heal hca e ins i u ions in
e ms o cybe secu i y. Mul ina ional o ganiza ions migh in ol e he inancial capaci y o delega ing depa men al
eams ocusing on cybe secu i y and acqui ing he mos e ec i e secu i y de e en sys ems, while SMEs and a
signi ican numbe o heal hca e acili ies wi h inadequa e cybe secu i y skills as a minimum equi emen o e li le
de ense agains mos cybe -a acks. Fo ins ance, while he la ge i ms ha e 80/100 adop ion o IT secu i y pe sonnel,
he SMEs only ha e 28/100 (Cook, 2017). This dispa i y unde lines he necessi y o cos -e ec i e and easily-
implemen able cybe secu i y s a egies conce ning small i ms and o ganiza ions. Closing his gap is impo an in o de
o allow smalle pa ies o pu in place su icien secu i y con ols despi e hei ela i e lack o esou ces.
This means ha as echnology ad ances, so does he echniques used by he cybe ad e sa ies. This is because he
en i onmen in which o ganiza ions a e ope a ing is a a s a e o cons an e olu ion and hus hei secu i y measu es
mus change simila ly. New echnologies a; o ins ance, AI and ML, a e g adually becoming ele an in boos ing he
o ganiza ional esilience le el. They assis an o ganiza ion o iden i y and coun e h ea s in eal- ime, making i a g ea
s ep up in cybe secu i y. AI and ML applica ion in cybe space as a p oac i e and p o oundly ad anced h ea de ec ion
and esponse sys em ha can imp o e he e ec i eness o cybe secu i y sys ems in handling cybe secu i y h ea s
(Rawinda an, 2023). Since hese echnologies a e s ill in hei ea ly s ages, i can be asce ained ha hei inco po a ion
will es ablish i sel as a key componen o cybe secu i y.
1.3. Cu en Cybe secu i y Landscape o SMEs and Heal hca e O ganiza ions
The cybe secu i y en i onmen has changed and adap ed in he con empo a y wo ld, in a way ha a ec s speci ically
SMEs and heal hca e o ganiza ions in he US. Acco ding o he Na ional Cybe secu i y Cen e, hough SMEs make up
99% o businesses in he Uni ed S a es, 43% o hem expe ienced da a b each in he las one yea . Likewise, heal hca e
o ganiza ions deal wi h he pa ien ’s in o ma ion, which emains highly ulne able o a ansomwa e a ack o e en a
phishing campaign (Jalali e al., 2019). These indus ies ypically lack su icien inancial and s a esou ces, and his
inc eases hei ulne abili y o cybe isks. The same cons ain s make i di icul o implemen enhanced cybe secu i y
solu ions and p ac ices, he eby c ea ing majo gaps in hei p o ec ion (Bagwell, 2016).
I is c ucial o poin ou ha heal hca e sys ems, being di e en om he majo i y o SMEs, expe ience speci ic HIPAA
(Heal h Insu ance Po abili y and Accoun abili y Ac ) egula ions ha o ce ins i u ions o implemen compliance
measu es mul iple o ganiza ions ail o achie e (Hemann, 2021). Resea ch indica es ha abou 72 pe cen o heal hca e
acili ies ha e adop ed secu i y awa eness p og ams, bu hey s ill expe ience b eaches because hei inciden esponse
mechanisms a e inadequa e (Ashley & P eiksai is, 2007). On he one hand, he ocus on p i acy conce ns and, on he
o he , he need o emain unc ional— he sec o equi es e icien and adap i e cybe secu i y app oaches (Towbin,
2019).
These b eaches do no only e e o he loss o mone a y alues, bu also o o he losses, such as hose o epu a ion
alue and s akeholde s’ us alue. SMEs’ a e age cybe secu i y a ack cos was es ima ed o be $200,000 wi h 60%
o ced o close down wi hin 6 mon hs o a ack (Benjamin e al., 2019). Simila isks apply o heal hca e acili ies wi h
he a e age b each cos ing $9.23 million and also he possibili y o li iga ion and penal ies (Wilne e al., 2021). Such
da a unde sco es he need o socie ies in hese p eca ious indus ies o seek and deploy app op ia e and an icipa o y
cybe secu i y measu es.
1.4. Key D i e s o Cybe secu i y In es men s in Vulne able Sec o s
The adop ion o cybe secu i y in es men s in SMEs and heal hca e o ganiza ions’ is mo e in luenced by compliance,
echnology, and epu a ion. Legal equi emen s like he GDPR o he p o ec ion o da a, and HIPAA o pa ien da a
push o ganiza ions in o a speci ic s uc u e ha demands ha hey spend money owa ds enhancing hei cybe secu i y
(El Rob, 2020). Fu he , noncompliance wi h hese egula ions no only leads o he imposi ion o se e e ines ha can
Wo ld Jou nal o Ad anced Resea ch and Re iews, 2025, 26(02), 3068-3095
3072
ha e a se e e impac on o ganiza ional inancial heal h bu also e odes ins i u ional us . This is e en mo e impo an
in indus ies like he heal hca e indus y whe e consume s’ us is he key o shakup and sus ainable business
ope a ions (Benjamin e al., 2019). In u n, in es ing in cybe secu i y is iewed as he only way o a e subsequen
sanc ions and o ensu e business sus ainabili y.
Technology has also been help ul as an enable in boos ing he in es men s in cybe secu i y. Du ing he ecen yea s,
he oppo uni ies o cloud compu ing, IoT de ices, and AI echnologies ha e eme ged and g ew: in pa allel, he
oppo uni ies o cybe c iminals ha e also inc eased. Consequen ly, he o ganiza ions ha e shi ed o de eloping be e
secu i y measu es p o ocols o ensu e hei digi al sys ems’ secu i y. In e en ions like MFA and end-end enc yp ion
a e some o he eme ging s a egies among o ganiza ions’ gua d agains such h ea s (Rawinda an, 2023). The as -
g owing echnological ad ancemen p esen s himsel as an unde lying ac o ha implies ha , cybe secu i y
in es men s mus always be in an ac i e/ p oac i e in es men s a us o secu i y gains.
Cybe secu i y in es men s ha e been in o med by he eme ging epu a ion managemen ma e s. Gi en he cen ali y
o people’s pe cep ions o o ganiza ions in he business wo ld, p o ec ing consume in o ma ion has come o mean
p o ec ing an o ganiza ion’s image. This can esul in se ho i ic consequences such as as onomic mone a y losses and
he i ually o e nigh loss o consume con idence. Mo e and mo e, o ganisa ions ha e come o conside cybe secu i y
a p ima y a ea o business ocus (Bagwell, 2016). The business losses b ough by da a b eaches ha e highligh ed ha
cybe secu i y is now longe an exclusi e IT issue, bu a business need.
Howe e , he e a e s ill some issues wi h i , especially o he o ganiza ions which conside hemsel es o be a he
weak and inexpe ienced. CIO’s esponsibili ies o p o ec ing an o ganiza ion in cybe space a e ou inely complex; due,
in pa , o a ela ionship be ween cos , echnology, and equi emen . To SMEs and heal hca e p o ide s he e is s ill
signi ican conce n o ma ching he needs o cos e icien and e ec i e cybe secu i y. The e o e, i speci ic s a egies
ha cap u e hese challenges a e designed, such o ganiza ions can imp o e hei cybe secu i y s ance, and educe hei
suscep ibili y o o he h ea s (Wilne e al., 2021). Con inuous ad ancemen o desalina ion and educ ion o i s cos
a e also impe a i e o accommoda e all s akeholde s hence e en a small o ganiza ion o an indi idual should be able o
p o ec i .
The objec i e o he p esen esea ch is o iden i y and analyse speci ic aspec s o cybe secu i y h ea s and issues
ele an o SMEs and heal hca e o ganisa ions, including hei weaknesses, pu sued s a egies and mo i es o
cybe secu i y spending. Also, i will discuss he e ec s o new echnologies and changing o he ising ends in
egula ions o hese sec o s.
The ques ions below help o analyze he si ua ional analysis and cybe secu i y pos u es o SMEs and heal hca e
o ganiza ions.
• Wha isks cu en ly domina e he cybe secu i y h ea landscape o he SMEs and heal hca e o ganiza ions in
he Uni ed S a es?
• In wha ways do his o ical ends a ec he o ma ion o cybe secu i y app oaches o SMEs and heal hca e
ins i u ions?
• Wha a e he main de e minan s o cybe secu i y in es men in exposed sec o s and how and whe e do hey
di e be ween SMEs and he heal hca e indus y?
• In wha way does he use o echnology and compliance wi h he egula ion enhance he cybe secu i y pos u e
o hese o ganiza ions?
In ligh o hose ac o s, he s udy aims o achie e he ollowing goals: To assess he cybe secu i y h ea s o SMEs and
heal hca e o ganiza ions, de e mine he mo i a ion behind cybe secu i y in es men s, and assess he le el o
cybe secu i y e ec i eness.
• The goal would be o de ine majo cybe secu i y h ea s and isks which a ec he SMEs and heal hca e
o ganiza ions.
• To analyze he oles which he pas ends and he egula ion play o oday’s cybe secu i y policies in hese
indus ies.
• To assess how compliance wi h lega and egula o y s anda ds con ibu es o imp o emen o cybe secu i y
p epa edness.
• To make sugges ions o speci ic cybe secu i y measu es and me hodologies a o dable o bols e ing he
de enses o SMEs and heal hca e ins i u ions.

Wo ld Jou nal o Ad anced Resea ch and Re iews, 2025, 26(02), 3068-3095
3073
1.4.1. Hypo heses
• SMEs and heal hca e o ganiza ions wi h highe in es men in cybe secu i y show educed b each incidences
compa ed o hose wi h limi ed budge s.
• Compliance wi h egula o y amewo ks di ec ly co ela es wi h imp o ed cybe secu i y esilience.
• In eg a ion o ad anced echnologies like AI and ML enhances h ea de ec ion and inciden esponse
capabili ies in hese sec o s.
1.4.2. Scope o he S udy
The scope o his s udy encompasses a comp ehensi e analysis o cybe secu i y p ac ices wi hin small and medium-
sized en e p ises (SMEs) and heal hca e o ganiza ions in he Uni ed S a es, examining hei ulne abili ies, s a egies,
and he d i ing ac o s behind cybe secu i y in es men s. I will discuss how hese sec o s a e cons ained by dea h o
esou ces, ou da ed ool and equipmen , and in ensi ying egula o y conce ns. The esea ch will also assess he
ela ionship be ween inno a i e echnologies o oday’s digi al wo ld like a i icial in elligence, machine lea ning, and
In e ne o Things ha can lead o imp o ing o ganiza ional cybe secu i y eadiness. Mo eo e , i will examine how
hese changing egula ions ha ha e in luence he o ganiza ion in one way o ano he such as da a p o ec ion laws and
heal hca e manda es, impac cybe secu i y mo e speci ically and compliance gene ally. Based on an analysis o cu en
p ac ices and his o ical ends, he esea ch will y o shed ligh on how such o ganiza ions can enhance hei
cybe secu i y eadiness a o dably. The o e all aim is o ocus on he a eas o in e en ion ha ha e p o en o be
e ec i e and s ill be easible o he SMEs and heal hca e acili ies an icipa ing mo e and sophis ica ed cybe secu i y
h ea s.
2. Re iew o he Li e a u e Sou ces
2.1. O e iew o Cybe secu i y P ac ices in Small and Medium En e p ises (SMEs)
Cybe secu i y is a big issue o SMEs, as he o me emains ulne able o cybe a acks in spi e o ha ing limi ed unds
in compa ison o la ge companies. Cybe secu i y h ea s and especially da a b eaches ha e isen signi ican ly wi hin
SMEs owing o highe adop ion in es-Comme ce and usage o da a s o age acili ies. In Sabe ’s esea ch (2016), i was
es ablished ha mos SMEs a e unp epa ed o add ess cybe isks because hey ha e limi ed budge s, cybe secu i y
expe ise, and manage ial capabili ies. Consequen ly, he measu es o managing hese isks may s ill be less elabo a ed
and ha exposes he SMEs o cybe c iminals’ a ack.
Among all he challenges aced by SMEs conce ning cybe secu i y, he challenge o ackling complex and e e -changing
h ea s is one o he bigges hind ances. Cook (2017) desc ibed ha SMEs a e no equipped wi h he igh ools and
knowledge o iden i y he new h ea s like phishing a acks, ansomwa e, and APTs. Addi ionally, SMEs end no o ake
cybe h ea s se iously enough as hey hink ha la ge companies a e he main a ge s o cybe c iminals. Despi e his,
a s udy by Ullah & Nabi (2016) showed how cybe c iminals a e p og essi ely a acking SMEs because o hei
suscep ibili y and poo secu i y measu es.
Key s a egies o cybe secu i y compliance in SMEs include isk analysis, policy se ing, awa eness, and secu i y
solu ions like i ewalls and in usion de ec ion sys em, and enc yp ion solu ions espec i ely. Bada & Nu se, (2019)
poin ed ou ha hese o ganiza ions need o in eg a e he use o secu i y amewo ks like he ISO/IEC 27001 ha
p o ide a s uc u al while pa simonious me hod o dealing he issues in ol ing he managemen o sensi i e
in o ma ion and he p o ec ing o his in o ma ion om unau ho ized access. Ano he c ucial ac o in minimising
human e o , which is usually he bigges ulne abili y o SMEs, is a cybe secu i y awa eness aining o employees.
Mo eo e , he managemen o in o ma ion secu i y in SMEs has also s a ed inco po a ing machine lea ning (ML) and
a i icial in elligence (AI) ools in o hei cybe secu i y plans. S udies conduc ed by Rawinda an e al. (2021) y o
explain ha h ea AI p o ec ion sys ems a e becoming essen ial o SMEs as a esul o g owing h ea s in he
con empo a y wo ld. These ools could p ocess la ge amoun o da a looking o anomalous ac i i y; hus a e good a
iden i ying secu i y iola ion a hei ea ly s ages when hey a e no e y de as a ing. The ansi ion o mo e ad anced
me hods is a majo cha ac e is ic o con empo a y SME cybe secu i y p ac ices because i enhances h ea
iden i ica ion and p o ec ion measu es.
Wo ld Jou nal o Ad anced Resea ch and Re iews, 2025, 26(02), 3068-3095
3074
Figu e 3 Dis inc Roles and T ends o Cybe secu i y o Heal hca e
2.1.1. Risk Assessmen and Cybe secu i y F amewo ks in SMEs
A isk assessmen is a p oac i e p ocedu e o de eloping a i m sa e y plan in cybe secu i y o SMEs. Knigh (2020)
suppo s ha SMEs should ake ad an age o isk assessmen o ind ou which asse s a e aluable o he business and
wha nega i e ami ica ions could esul om a ious cybe h ea s. This also in ol es assessing he wo h o impo an
in o ma ion ha is ha d o eplace, including; cus ome da a, accoun eco ds, and pa en s. Recognizing hese asse s,
SMEs can ocus on hei cybe secu i y p o ec ion and a ange i s esou ces mo e e icien ly.
The assessmen o isk p o iles o he SMEs is also signi ican ly associa ed wi h cybe secu i y amewo ks. The NIST
Cybe secu i y F amewo k (NIST CSF) and ISO/IEC 27001 p o ide SMEs wi h checklis s o ecognizing and managing
cybe secu i y h ea s. These amewo ks gi e an o ganiza ion a clea se o ules ha will help go e n i s ope a ions in
e e y aspec om isk managemen o he ac ual occu ence o an inciden . As a gued by Chidukwani e al., (2002),
adop ion o hese amewo ks imp o es he SMEs cybe secu i y h ough o e ing comp ehensi e guides o secu i y
imp o emen s.
Ano he ac o ha SMEs need o add ess is he issue o scalabili y o cybe secu i y amewo ks. While gian s o indus y
can in es in elabo a e cybe secu i y amewo ks, smes a e o en o ced o do mo e wi h less by din o limi ed
esou ces. Thus, i is essen ial o SMEs o choose he cybe secu i y amewo k ha i s he size and he le el o
o ganiza ional complexi y. He e, Bagwell (2016) explains ha isk managemen amewo ks can be s ill u ilized by
small o ganiza ions, bu a speci ic app oach should be adop ed in o de o keep he amewo k usable and aluable.
Risk assessmen also en ails e alua ing possible isks and weaknesses mos o ganiza ion do no ha e a clea idea o he
po en ial isks i aces a any gi en ime. As sugges ed by Ashley & P eiksai is (2007), i is ad isable o SMEs o engage
in pe iodic e iew o hei in e nal en i onmen wi h a iew o ealizing a eas o IT s uc u al ail y like ou da ed
so wa e, insecu e ne wo ks, and poo ly con igu ed secu i y. These assessmen s should also make an e alua ion o he
cu en secu i y measu es like he i ewalls, he an i i us, he access con ols and so on. SMEs should also ac i ely
manage he isk en i onmen as pa o i s key eme ging ends. SMEs should e iew and ein eg a e hei isk
assessmen s o en because a new ype o cybe h ea can eme ge a any ime. This p ac ice helps hem o be on a eady
posi ion o coun e any new h ea s as hey de elop in he ma ke . Acco ding o Benjamin, e al. (2019), SMEs should
include h ea in elligence eeds wi hin hei cybe secu i y p og am in o de o s ay in o med o new h ea s and a ack
me hods.
Wo ld Jou nal o Ad anced Resea ch and Re iews, 2025, 26(02), 3068-3095
3075
2.1.2. Implemen ing Cybe secu i y Policies in SMEs
Policies ha e become co e when i comes o comba ing cybe secu i y h ea s acing SMEs. Ha ing a clea unde s anding
o he iden i ied policy means ha , he e a e ules ha need o be ollowed when i comes o he p o ec ion o
in o ma ion wi hin an o ganiza ion, app o ing access by he use s, and mee ing he se legal equi emen s. As poin ed
ou by Banks (2017), he e is u gen need o ha ing cybe secu i y policies o o mula e and en o ce, as hey assis he
employees o know wha is expec ed ou o hem in ela ion o cybe -secu i y. These policies should co e some o he
ollowing a eas: passwo ds, enc yp ion, ne wo k access, and pe missible uses o echnology.
Adop ion o a cybe secu i y policy in ol es an analysis o he o ganiza ion’s isk appe i e whe e one needs o assess key
asse s, h ea s and isks. Acco ding o Saban e al. (2021), SMEs should engage he policy ac o s in he de elopmen o
he policy o ensu e ha he policy mee s he ope a ional equi emen s o he SME and he a ailable esou ces in he
o ganiza ion. The inclusion o senio manage s in policy-making is impo an in ensu ing he enhancing he p ospec s
o hei adhe ence o he policy while p o iding he igh alloca ion o esou ces owa ds cybe secu i y.
Howe e , equally impo an is he pa ha conce ns en o cemen mechanisms o he policies so c ea ed. Odujin in, A.
(2012) has poin ed ha o be e ec i e policies mus be d i en o implemen ed as he a icula ed abo e. This in ol es
deploying o he echnologies like access con ol, enc yp ion so wa e, ne wo ks moni o as measu es in line wi h hese
p inciples. They should also unde ake audi s equen ly o de e mine le el o compliance wi h he policy and o ou line
po en ial a eas o _ ailu e.
Small and Medium-sized en e p ises o ins ance a e always in a ix in en o cing policy due o some o he cons ain s
like lack o capi al amongs o he s. As poin ed ou by G een (2014), small en e p ises may no in a posi ion o hi e s a
o manage cybe secu i y o employ he se ices o consul an s o ensu e adhe ence o polices. Howe e , his is an a ea
ha SMEs a e o en limi ed in and can o e come his by placing an au oma ed cybe secu i y solu ion which can
au oma ically e iew policy compliance a eal ime. Solu ions such as Secu i y In o ma ion and E en Managemen
(SIEM) will come in handy, he sys em will de ec policy b eaches and any possible h ea . Besides, i is essen ial ha
policies kep up wi h he la es ules and egula ions o cybe secu i y as well as isks ha a e cu en . The ac ha such
policies a e conduc ed pe iodically means ha SMEs a e always on he lookou o he nex bes de ense mechanisms
agains he eme ging cybe h ea s. As poin ed by Wells (2019), ealignmen o policies should be in o med by he
esul s o he on-going isk analysis, epo ed nea -misses, and o he h ea in elligence sou ces.
2.1.3. Cybe secu i y T aining and Awa eness o SMEs
T aining and imp o ing awa eness is always a c i ical pa o he SME cybe secu i y plan. F om Bada & Nu se (2019),
such isks make i impe a i e o SMEs o ain employees well enough in o de o gua d agains cybe h ea s. This
in ol es aising awa eness o s a on phishing, social enginee ing, passwo d, and da a secu i y. Employees a e usually
he bigges secu i y law since hey a e he la ges sou ce o da a leak inciden s. Dyks a e al. (2020) s a ed ha a lack
o awa eness and insu icien aining aised he p opensi y o cybe e en s in small o ganiza ions.
As shown in Figu e 4, SMEs a e p ime a ge s o cybe c iminals due o ac o s like he lack o an IT depa men , eliance
on hi d-pa y so wa e, and inadequa e da a p o ec ion and au hen ica ion measu es. These gaps a e exploi ed by
hacke s o pe pe a e di e en o ms o a acks on SMEs such as he , misuse o physical access, phishing, social
enginee ing, da a he , supply chain a acks, pe sonnel misuse, malwa e, ansomwa e, denial o se ice, IoT a acks,
biome ic sys em a acks and cha bo a acks.
Employe s should design aining p og ams acco ding o he posi ion o e e y wo ke so ha hey a e awa e o wha is
expec ed o hem conce ning p o ec ion o in o ma ion sys ems. Fo ins ance, he adminis a i e s a need o unde go
aining in use access managemen , while employees in cus ome -sensi i e posi ions need o lea n mo e abou how o
handle sensi i e in o ma ion belonging o clien s. Acco ding o Da is (2020), i is essen ial o unde ake ole-speci ic
aining ha gua an ees ha all pe sonnel possess he knowledge and esou ces equi ed o manage iden i ied cybe
isks wi hin hei a eas o esponsibili y.
Howe e , in oducing a econside a ion o he esul o he aining session, he idea o cybe secu i y awa eness mus
be cul i a ed con inually. This can be done h ough secu i y awa eness mee ings, sending ou company upda ed
secu i y news le e s and la s, secu i y awa eness campaigns e c. Simila ly, Bada and Nu se (2019) sugges ha
p ac ices should make hei cybe secu i y educa ional ma e ials mo e engaging h ough gami ica ion. Sma aining
exe cises ha eplica e ac ual a acks o e a kind o wo kou and can educa e people on he eal dange s ou he e.
Wo ld Jou nal o Ad anced Resea ch and Re iews, 2025, 26(02), 3068-3095
3076
Sou ce: h ps://www.massa.ne .my/cybe secu i y-challenges- ha -small-and-medium-en e p ises- aced-and-i s-way- o wa d/
Figu e 4 Why SMEs a e common a ge s o cybe -c iminals
One o he c i ical di icul ies in aining employees is he lack o unds ha SMEs can alloca e o aining ac i i ies, along
wi h he lack o money o o e aining p og ams ha include all o he necessa y elemen s. None heless, a s udy by
McLau in (2021) es ablishes ha SMEs can le e age ee o inexpensi e insigh s a ailable om go e nmen
depa men s, indus ies, and cybe secu i y p o ide s. The e a e se e al sou ces which has aining in o, webina , and
online cou se a ge ing small businesses. Hence, u ilizing hese esou ces, one can inc ease SMEs’ cybe secu i y
eadiness, wi h a minimal expendi u e.
2.2. Cybe secu i y S a egies o Small and Medium-Sized En e p ises (SMEs)
2.2.1. Risk Managemen and Cybe secu i y F amewo ks o SMEs
Secu i y managemen in SMEs should be a ac ic as i en ails e alua ing h ea s and come up wi h ways o s opping hem
be o e eme ging as b eaches. Bada and Nu se (2019) explain ha SMEs need o implemen isk-based cybe secu i y
s a egies in o de o co e all he isks known o he company. A c ucial pa o his is o ecommend cybe secu i y
amewo ks ha allow SME-businesses o a ionalize hei app oaches o secu i y. NIST and ISO 27001 amewo ks
p o ide he SMEs wi h a s uc u al guidance on how o e alua e and imp o e i s cybe secu i y s a us.
These amewo ks help SMEs o s anda dize o ollow he bes p ac ices o sa egua d in o ma ion and o adhe e o he
laws and egula ions in place (Saban e al., 2021). Fo ins ance, implemen ing in o ma ion secu i y s anda d such as he
ISO 27001 makes SMEs unde ake isk assessmen equen ly accompanied by iden i ica ion o po en ial secu i y isks,
and managemen o coun e measu es. O he guidelines ha SMEs HAVE TO conside include he de elopmen o a isk-
esponse plan ha a ge s he iden i ica ion, handling and co ec ing o inciden s a ec ing he i m (Bagwell, 2016). The
in eg a ion o such measu es o e s a clea amewo k o he co ec app oach o cybe secu i y isk managemen which
is necessa y o SMEs engaged in indus ies wi h a high le el o cybe secu i y isks, including heal h ca e (Amb een e
al., 2023).
In addi ion, due o hese amewo ks, o ganiza ions gain imp o ed means o unde s anding hei secu i y si ua ion
and can di ec hei esou ces o he mos h ea ening issues. Knigh (2020) mo es o h wi h a guing ha SMEs ha e
o in es in secu i y o p o ec hei business and cus ome in o ma ion. Small business employs inancial capi al o
in es on he echnologies and acqui e adequa e aining o he employees as he essen ials o he con inui y o he
i ms.
Wo ld Jou nal o Ad anced Resea ch and Re iews, 2025, 26(02), 3068-3095
3083
in o de o unde s and he mul idimensional na u e o cybe secu i y h ea s, o ganiza ional eadiness, and possible
p e en i e measu es in a ious ypes o businesses.
In his espec , he e iew me hodology p io i ized me hodological c edibili y by exclusi ely using pee - e iewed
a icles, adhe ing o anspa en me hodological app oaches and documen ing sys ema ic s eps in ol ed in he
syn hesis o he e iewed a icles. While e iewing he li e a u e o he pe cep ion, c edible, eliable, and ele an
sou ces we e e alua ed using c i ical e alua ion c i e ia so ha he esea ch main ains high-quali y academic
s anda ds.
4. Resul s, Analysis and Discussion
4.1. Cybe secu i y Landscape and O ganiza ional Vulne abili ies
4.1.1. S uc u al Vulne abili ies in Small and Medium En e p ises
The cybe secu i y h ea o SMEs in he Uni ed S a es un eils deep-sea ed s uc u al issues ha weaken he
o ganiza ions’ digi al de ense. Based on he li e a u e e iew, empi ical e idence p o es ha SMEs encoun e complex
p oblems a ising om inhe en o ganisa ional es ic ions (Sabe , 2016; Cook, 2017).
Table 3 S uc u al Cybe secu i y Vulne abili ies in US SMEs
Vulne abili y
Ca ego y
Pe cen age
A ec ed
A e age
In es men
P ima y Risk
Fac o
Po en ial
Impac
Geog aphic
Concen a ion
Limi ed Technical
Expe ise
72%
<$500/annually
Skill Gaps
High B each Risk
Cali o nia, Texas,
New Yo k
Inadequa e
Resou ce
Alloca ion
68%
$250-$750
Budge
Cons ain s
Mode a e
Vulne abili y
Flo ida,
Massachuse s,
Washing on
Ou da ed
Technological
In as uc u e
59%
<$1000/annually
Legacy Sys ems
C i ical
Exposu e
Illinois, Vi ginia,
Geo gia
Lack o Dedica ed
Cybe secu i y
Pe sonnel
65%
$0-$300
S a ing
Limi a ions
Ex eme
Vulne abili y
Pennsyl ania,
Ohio, Michigan
Minimal Risk
Managemen
S a egies
61%
$100-$500
S a egic
De iciencies
Subs an ial Risk
No h Ca olina,
A izona, Colo ado
Insu icien
Employee T aining
57%
$200-$400
Human Fac o
Risks
Signi ican
Exposu e
O egon,
Minneso a,
Wisconsin
Limi ed
Compliance
F amewo ks
54%
$300-$600
Regula o y
Gaps
Po en ial Legal
Consequences
New Je sey,
Ma yland,
Connec icu
Inadequa e Th ea
De ec ion
Mechanisms
52%
$150-$350
Technological
Limi a ions
P olonged
Vulne abili y
Missou i, Indiana,
Tennessee
Poo Inciden
Response Planning
48%
$100-$250
Reac i e
App oach
Ex ended
Reco e y Time
Ken ucky,
Alabama,
Louisiana
Sou ce: Syn hesized om Sabe (2016), Cook (2017), Ullah & Nabi (2016)
The da a e eals ha 72% o US SMEs lack dedica ed cybe secu i y expe ise, wi h an a e age annual in es men o less
han $500, c ea ing signi ican echnological ulne abili ies. Economic ac o s se e ely limi SMEs’ abili y o apply

Wo ld Jou nal o Ad anced Resea ch and Re iews, 2025, 26(02), 3068-3095
3084
op imal cybe secu i y p ecau ions, which eposi ions cybe secu i y om a de ensi e capi al ou lay o an in e p e ed
ope a ing cos (Ashley & P eiksai is, 2007).
S uc u al ulne abili ies a e no only de ined by de iciencies in echnology bu also include ing ained o ganiza ional
ac o s ha exposed cybe ulne abili ies. Knigh (2020) as well as Bagwell (2016) ha e also s essed ha hese h ea s
s em solely om inhe en weaknesses pe aining o o ganisa ional s uc u e, such as he lack o digi al suppo , he
absence o su icien isk p o ec ion measu es, as well as o ganisa ional limi a ions o a p ope cybe secu i y s a egy.
The economic en i onmen only makes hese di icul ies e en wo se. These and o he ela ed isks mean ha many
SMEs see cybe secu i y in es men equi emen s as o e head cos s, no impo an s a egic asse s. This pe cep ion
leads o ine ec i ely dis ibu ed esou ces, hence, posing conside able o ganiza ional haza ds. Using a simple snapsho ,
oday’s a e age SME alloca ed 1.9% o i s IT budge o cybe secu i y; excluding i s digi al asse s om e ol ing and
sophis ica ed cybe h ea s (Chidukwani e al., 2002).
4.1.2. Technological In as uc u e and Cybe Risk Exposu e
Technological in as uc u e is one o he mos impo an ac o s ha de ine o ganiza ional cybe esilience and he
analyzed US small and medium-sized en e p ises showed impo an echnological weaknesses. Resea ch da a show ha
he cu en s a e o echnological solu ions emains highly p oblema ic and lacks su icien de elopmen , cu ing-edge
echnologies, p ope p o ec i e measu es, and lexibili y.
Table 4 Technological In as uc u e Risk Assessmen in US Heal hca e and SME Sec o s
Technology
Ca ego y
Vulne abili y
Le el
A e age Upda e
F equency
Po en ial
B each Risk
Mi iga ion
Cos
Sec o Impac
Cloud Compu ing
Sys ems
High
18-24 mon hs
65%
$5,000-
$15,000
Heal hca e,
Technology SMEs
Ne wo k Secu i y
In as uc u e
Mode a e
12-15 mon hs
55%
$3,000-
$10,000
Financial Se ices,
Heal hca e
Endpoin P o ec ion
C i ical
6-9 mon hs
72%
$2,500-
$7,500
Medical P ac ices, IT
SMEs
Da a Enc yp ion
Mechanisms
Subs an ial
9-12 mon hs
48%
$4,000-
$12,000
Resea ch
Ins i u ions,
Heal hca e
Remo e Access
Technologies
High
6-8 mon hs
61%
$3,500-
$9,000
Dis ibu ed Wo k
En i onmen s
IoT Secu i y
F amewo ks
C i ical
3-6 mon hs
58%
$5,500-
$16,000
Medical De ices,
Tech SMEs
Iden i y
Managemen
Sys ems
Mode a e
12-18 mon hs
42%
$2,000-
$6,000
Heal hca e
Adminis a ion
In usion De ec ion
Sys ems
Subs an ial
9-12 mon hs
52%
$4,500-
$13,000
Cybe secu i y-
ocused SMEs
Disas e Reco e y
Pla o ms
High
12-24 mon hs
45%
$6,000-
$18,000
C i ical
In as uc u e SMEs
Sou ce: Adap ed om N an ogian e al. (2021), Rawinda an e al. (2021)
The use o echnological ad ancemen s such as machine lea ning and A i icial In elligence e lec s possible app oaches
in he imp o emen o cybe secu i y. These sma echnical app oaches allow o ganisa ions o shi om eac i e o
p oac i e cybe secu i y pa adigms ha also signi ican ly dec ease p obable ulne abili y exposu e (Jalali e al., 2019).
The eme gence o connec ed compu e sys ems aises new challenges compa ed o managing he isks associa ed wi h
cybe space. Legacy secu i y solu ions en ailing concen ic ci cles ha su ound an o ganisa ion ha e been ound o be
obsole e and insu icien o he mode n en i onmen , in which secu i y needs o be p oac i e and capable o modi ying
i sel o he cons an ly changing h ea s (Benjamin e al., 2019).
Wo ld Jou nal o Ad anced Resea ch and Re iews, 2025, 26(02), 3068-3095
3085
4.2. S a egic Risk Mi iga ion F amewo ks
4.2.1. Comp ehensi e Cybe secu i y S a egy De elopmen
Risk managemen amewo ks a e iden i ied as undamen al aspec s o o ganiza ional cybe secu i y ha equi e
complex, comp ehensi es app oaches ou sma ing simple echnological solu ions. Combining indings om empi ical
esea ch, i was es ablished ha ein o cemen o cybe secu i y called o he o mula ion o he depic ed composi e
and end- o-end app oaches ha encompassed he echnological, human, and o ganiza ional domains. The sys ema ic
li e a u e e iew sugges ed ha s a egic amewo ks should be accompanied by an ex ensi e isk analysis app oach,
associa ed esponsi e s uc u es, and con inual o ganiza ional lea ning. The au ho s p o ed ha e ec i e cybe secu i y
plans mus espond lexibly o newly eme ging echnological isks and challenges, co po a ion limi a ions, and h ea s
in mode n compu ing en i onmen s.
The isk assessmen me hodologies e ol ed in o he basic elemen s o he s a egic cybe secu i y amewo ks wi hin
he o ganiza ions. Sys ema ic e iews ou lined he need o con ex -sensi i e and me hodologically sophis ica ed isk
assessmen amewo ks ha migh cap u e o ganiza ional, echnological, and sec o de ails. The s udy highligh ed he
need o mo e dynamic app oaches o isk assessmen ha can encompass mo e c i e ia, such as echnological isks,
people in ol ed, and u he consequences, such as economical ones, in case o he possible cybe h ea
implemen a ion.
Risk managemen wi hin s a egic amewo ks mus be embedded wi h complex h ea in elligence sys ems o aid in
ea ly iden i ica ion o cybe secu i y h ea s. I was impo an o ou line ha while esea che s we e awa e o he
g owing ole o p edic i e analy ics in h ea de ec ion and esponse, he senio esea che s wan ed o inc ease he
usage o machine lea ning and a i icial in elligence echnologies o he de elopmen o sophis ica ed analy ics
capabili ies. The s udy o his sys ema ic e iew ound ha s a egic managemen and secu i y isk mi iga ion need
cons an igilance, h ea iden i ica ion and imely esponse, as well as he abili y o adjus p o ec i e measu es as
necessa y.
4.2.2. Technological In e en ion S a egies
IT in e en ion s a egies a e impo an elemen s o isk managemen app oaches o cybe secu i y isks. This empi ical
esea ch highligh ed he need o pu in place obus echnological solu ions o coun e di icul , con inuously changing
cybe h ea s. The sys ema ic analysis e ealed a numbe o echnological solu ions such as enhanced o ms o
enc yp ion, o ma -enhanced o ms o access con ol, and sma algo i hms o h ea de ec ion. Schola s poin ed ou
ha mo e emphasis needs o be placed on e o s whe e echnological solu ions mo e beyond wha can be cha ac e ized
as he pe ime e secu i y model, he idea is o c ea e in elligen echnologies ha can espond o inc easingly e ol ing
echnological h ea s.
Machine lea ning as well as a i icial in elligence as he nex big hing in echnological in en ion is applicable in he
cybe secu i y o de ices. Sys ema ic s udies poin ed ou ha in elligen sys ems hold p omise as a ool o inc easing
h ea iden i ica ion, isk assessmen , and sel -o ganizing esponse p ocedu es. In espec o he esea ch, he
impo ance o an adap i e echnological amewo k ha can adap and lea n o he o en e ol ing cybe h ea s was
emphasized, his in essence helped o minimize he ex en o exposu e o o ganiza ions o a ious h ea s.
Technological in e en ion s a egies ha e o cap u e he en i onmen o he dis ibu ed digi al applica ions, he cloud
compu ing a chi ec u es o da a cen es, and new echnologies which a e ye o p o ide alue in la ge scale applica ions.
Scien is s poin ed o he need o c ea e complex echnological solu ions con aining consis en p o ec ion ea u es in
a ious compu ing space. Acco ding o he sys ema ic e iew, cu en echnological challenges o he mul i ace ed
digi al en i onmen s equi e lexible, la ge-scale solu ions.
4.2.3. Human-Cen ic Cybe secu i y In e en ions
Human-cen ic cybe secu i y in e en ions ep esen c i ical componen s o comp ehensi e isk mi iga ion s a egies.
Empi ical esea ch unde sco ed he applicabili y o human ac o s as a c i ical componen o o ganiza ional cybe
esilience and poin ed o he need o designing mo e elabo a e awa eness and aining ini ia i es. The sys ema ic
analysis insigh ul conclusion s a ed o in eg a e sophis ica ed psychological nuances, signi ican beha io change
s a egies, and he con inuous lea ning p ocesses in o he human-cen ic in e en ion amewo k which go beyond he
con en ional aining models. Schola s emphasized supe o ganizing he idea ha cybe secu i y is an o ganiza ional
cul u e ha needs o emb ace e e yone in he o ganiza ion.
Wo ld Jou nal o Ad anced Resea ch and Re iews, 2025, 26(02), 3068-3095
3086
Risk pe cep ion was iden i ied as a s ong psychological a ea o cybe secu i y o he esea ch hemes explo ed he
ela ionship be ween people’s a i ude o h ea and he i m’s cybe secu i y s a us. Sys ema ic analyses p o ed ha
sus ained success ul, human-o ien ed imp o emen s a e o in ol e a ange o psychological ac o s, such as he
pe cei ed isk le el, psychological biases, and us s uc u es o he o ganiza ion. The cu en wo k highligh ed he
use ulness o ine-g ained, mul iple-componen solu ions ha employ psychological knowledge alongside echnology
and o ganiza ional solu ions.
Human awa eness and aining ini ia i es a e ounda ional componen s o empowe ing human-cen ic cybe secu i y.
Expe s unde lined he need o in eg a ing lea ne -cen e ed, ecological app oaches ha suppo ongoing de elopmen
o expe ise in ela ion o changing and eme ging echnologies and h ea s. The analysis o a icles showed ha e ec i e
human-cen ed in e en ions should con ain p og essi e, play ul lea ning p ocesses which ebuild pe sonal and
o ganiza ional beha io al models.
4.3. Regula o y Compliance and Cybe secu i y F amewo ks
Table 5 Regula o y Compliance F amewo ks o SMEs and Heal hca e O ganiza ions
Regula o y
F amewo k
P ima y Focus
Compliance
Ra e
A e age Cos o
Implemen a ion
Key Requi emen s
Sec o
Impac
HIPAA Secu i y
Rule
Heal hca e Da a
P o ec ion
68.3%
$45,000 - $85,000
PHI enc yp ion, access
con ols
Heal hca e
GDPR
Da a P i acy and
P o ec ion
42.7%
$30,000 - $70,000
Consen managemen ,
da a minimiza ion
Mul i-sec o
NIST
Cybe secu i y
F amewo k
Comp ehensi e
Cybe Risk
Managemen
55.6%
$25,000 - $60,000
Risk assessmen ,
inciden esponse
All Sec o s
PCI DSS
Paymen Ca d
Da a Secu i y
61.2%
$20,000 - $50,000
Ne wo k secu i y,
ulne abili y
managemen
Re ail,
Finance
CMMC
De ence
Con ac o
Cybe secu i y
37.9%
$55,000 -
$100,000
Ma u i y le els,
con olled unclassi ied
in o ma ion
De ense
SOX
Financial
Repo ing Secu i y
49.5%
$35,000 - $75,000
Financial da a
in eg i y, in e nal
con ols
Financial
Se ices
CCPA
Cali o nia
Consume P i acy
44.1%
$27,000 - $65,000
Consume da a igh s,
p i acy p o ec ion
Cali o nia
Businesses
ISO/IEC 27001
In o ma ion
Secu i y
Managemen
38.6%
$40,000 - $90,000
In o ma ion secu i y
managemen sys em
Global
En e p ises
SHIELD Ac
New Yo k Da a
P o ec ion
52.3%
$22,000 - $55,000
Da a b each
no i ica ion, secu i y
p og ams
New Yo k
Businesses
Sou ce: Compiled om Udeshi (2019), El Rob (2020), and Benz & Cha e jee (2020)
The legal en i onmen bo h a he na ional and in e na ional le el also p esen s a c ucial and a mo e ex ensi e ole in
de ining cybe secu i y solu ions o SMEs as well as o he heal hca e sec o . An e alua ion o all he e idence indica es
ha legal and egula o y compliance is no jus a ick-box exe cise bu a c i ical app oach o bols e ing cybe secu i y
de enses in o ganiza ions. As desc ibed by Udeshi (2019), he ede al amewo k o da a p o ec ion law add esses
cybe secu i y as a mul i-laye ed app oach ha akes in o accoun he weak poin s and capaci ies o SMEs. This app oach
depa s om sugges ing a one-size- i s-all app oach and p esen s adap abili y models ha can sui one en e p ise ype
o ope a ion and isk le el.
Wo ld Jou nal o Ad anced Resea ch and Re iews, 2025, 26(02), 3068-3095
3087
This s udy p o ides unde s anding o how much he egula ion compliance is complex and di e se ac oss a ious
amewo ks; i is challenging bu o e oppo uni ies o o ganiza ions. A comp ehensi e analysis o hese challenges
has been expi a ioned by El Rob (2020) in his/ he empi ical analysis o hese challenges especially among heal h ca e
o ganiza ions whe e egula o y compliance is mo e s ingen . HIPAA Secu i y Rule compliance is he e o e es ima ed
o be a an o e all a e age o 68.3% which shows ha he e is a lo o wo k ha needs o be done in o de o be ully
complian . The inancial consequences o such compliance a e no able; he cos s associa ed wi h ge ing s a ed wi h
he implemen a ion a e going o be wi hin he $45,000 o $85,000 o hose en i ies ha wish o be ully complian wi h
egula o y equi emen s. These cos s include no only de elopmen cos s o echnology, bu also he cos s associa ed
wi h o ganiza ional change, aining, and e alua ion.
The de elopmen s in a ious echnologies undeniably al e ed he co e app oach o o ganiza ional compliance and
in oduced new en i onmen s and con ex s o isk assessmen and IT secu i y. Machine lea ning and a i icial
in elligence echnologies ha e now made mo e elabo a e p ac ices o compliance and isk assessmen o be mo e han
jus mono onous manual checks. Rawinda an e al. (2021) clea ly suppo his a gumen by p esen ing e idence abou
he ac ha when using echnology-enhanced ools, he isk o compliance issues among SMEs can dec ease by up o
35%. This esea ch highligh s he impo ance o u he ing he unde s anding o he link be ween echnological
ad ancemen and he implemen a ion o compliance measu es, poin ing o he apidly g owing necessi y o includes
echnological ad ancemen in ega d o compliance measu es and ope a ing amewo ks.
Figu e 7 Dynamic secu i y app oach. Sou ce: Sa i a e al., 2023
The cu en and u u e na u e o he cybe secu i y egula ion equi es SMEs and heal hca e o ganiza ions o be
p og essi e and adop a s a egic iew owa d he issue. New egula ions a e mo e and mo e o ien ed no only o
p e en ion bu also o he occu ence o e en s, da a p o ec ion and cons an isk assessmen . Today he e is he NIST
Cybe secu i y F amewo k and he Cali o nia Consume P i acy Ac (CCPA) ha is o cing o ganiza ions o build mo e
in eg a ed and adap i e secu i y plans. These egula ions no only expec o ganiza ions o pu in e ec i e secu i y
con ols bu also assu e con inued igilance in in o ma ion secu i y h ough documen a ion, pe iodic examina ion, and
disclosu e o isks and h ea s.
Wo ld Jou nal o Ad anced Resea ch and Re iews, 2025, 26(02), 3068-3095
3088
Mo eo e , he enhanced globaliza ion and in eg a ion o in o ma ion echnology sys ems ha e inc eased he global
egula o y en i onmen o be b oade han he domes ic egula o y en i onmen . Regula ions such as GDPR and o he
indus y-speci ic legisla ion a e making compliance en i onmen global ye complex. Fo he SMEs and he ela ed
heal hca e o ganiza ions, i means ha he e mus be a dynamic and cu ing ac oss compliance measu es ha can
add ess mo e han one ule. This app oach calls o subs an ial commi men o unc ional specializa ion, s ingen use
o echnology, and knowledge upda e oge he wi h inno a ion cul u e. En i ies ha can e ec i ely manage his angled
legal en i onmen can a oid o a leas minimize legal and inancial losses, as well as ea n cus ome and s akeholde s’
us by showing ha hey ha e adop ed he bes possible app oach o p o ec da a and p e en cybe h ea s.
4.4. Impo ance o Tailo ed Cybe secu i y F amewo ks o SMEs
Small Medium En e p ises (SMEs) a e a e en a g ea e pe il as hey a e usually inancially and echnologically
cons ained. Mos o hese business en i ies a ely employ adequa e numbe o IT expe s besides employing ou da ed
echnologies ha expose hem o heis by hacke s. The necessi y o he p ope cybe secu i y amewo ks o SMEs is
no ques ionable because hey a e de eloped based on he clien s’ cha ac e is ics and limi a ions. The implica ions a e
ha while la ge o ganiza ions can a o d o in es in expensi e and complica ed solu ions, SMEs need a o dable,
modula and easy o apply solu ions.
Cus omized solu ions help SMEs iden i y wha cybe secu i y ini ia i es a e essen ial a any gi en ime, including
aining employees, p o ec ing endpoin s, and enc yp ing da a. The li e a u e also shows ha mos h ea s o SMEs
le e age human ac o s p oac i ely implemen ing awa eness aining is c ucial (Bada & Nu se, 2019). Policies such as
ha om NIST’s Cybe secu i y F amewo k o ISO/IEC 27001 p esen s uc u ally balanced checklis s ha SMEs can
ailo o manage isks like phishing, ansomwa e, and inside h ea s.
Howe e , ano he a ea whe e special amewo ks a e use ul is he issue o egula o y compliance since hey allow SMEs
adhe e o local and in e na ional s anda ds. This compliance no only helps he company o a oid legal p oblems bu
also o gain and o main ain he con idence o hei clien s and pa ne s. Use ul amewo ks also help de elop a s a egy
o p e en ing h ea s so ha he SMEs can o esee h ea s and a oid hem. This way he SMEs can de elop s ingen
digi al en i onmen o p o ec hei business ope a ions and aluable in o ma ion om being hacked.
4.5. P ima y D i e s o Cybe secu i y In es men s in SMEs and Heal hca e O ganiza ions
The na u e and pa e ns o cybe secu i y acquisi ion in US SMEs and heal hca e o ganiza ions p ima ily ela e o he
economic, legal, and s a egic ac o s. Ka ibai (2021) highligh ed ha inancial cons ain s emain he mos signi ican
ba ie o comp ehensi e cybe secu i y implemen a ion, wi h o e 50% o SMEs alloca ing less han $500 annually o
hei cybe secu i y in as uc u e. This limi ed in es men leads o a c i ical isk which pu s o ganiza ions in po en ially
disas ous cybe h ea s, his explains why he e is a need o inc ease s a egic in es men .
A s udy conduc ed by El Rob (2020) showed ha he economic d i e in he cu en heal hca e o ganiza ions is he
need o mee and con o m o egula o y equi emen s like he HIPAA in he managemen o in o ma ion. The ines which
ange o millions o dolla s se e as a good enough eason o o ganiza ions o pu sue obus cybe secu i y solu ions.
This egula o y p essu e is one o he basic d i ing o ces o he es ablishmen o cybe secu i y in o ganiza ions, and
he need o c ea e mo e obus and e icien secu i y models makes heal hca e p o ide s adap .
Technological ad ancemen a e bo h he s eng h and h ea o cybe secu i y spending. Rawinda an e al. (2021)
ound ha he in eg a ion o machine lea ning and a i icial in elligence is u ning in o essen ial pa s o secu i y
solu ions o small and medium-sized businesses ha wan secu e bu inexpensi e solu ions. The esea ch shows ha
companies ha implemen enhanced echnological ools migh p oduce up o 35% be e h ea iden i ica ion and
eac ion. The o e all echnological solu ion is mo e p oac i e in compa ison wi h adi ional secu i y models, which
make i mo e e icien o dealing wi h cybe secu i y h ea s.
The pe cep ion ha leade s ha e on he issue and he ype o cul u e ha an o ganiza ion has a e de e minan ac o s
o he le el o in es men ha is made in he cybe secu i y. Saban e al. (2021) disco e ed ha CISO unde s anding o
cybe secu i y isks d i es o ganiza ional in es men p io i ies a he execu i e le el. The ins i u ions ha ha e a
leade ship ha comp ehensi ely maps he possible inancial and epu a ional consequences o cybe h ea s a e
he e o e likely o in es a lo o esou ces in de eloping cybe secu i y in as uc u e. This s a egic app oach changes
he pe cep ion o he gua ding o in o ma ion sys ems om a solely echnical subjec o a majo business isk
managemen subjec which equi es o ganisa ion-wide solu ions.

Wo ld Jou nal o Ad anced Resea ch and Re iews, 2025, 26(02), 3068-3095
3089
The economic impac o cybe inciden s se es as a powe ul mo i a o o inc eased cybe secu i y in es men s.
A menia e al. (2021) conduc ed a comp ehensi e analysis demons a ing ha he a e age cos o a cybe inciden o
SMEs can ange om $84,000 o $148,000, a exceeding he p e en a i e in es men equi ed o obus secu i y
measu es. This kind o economic easoning makes he case o p oac i e cybe secu i y spending as a sound business
in es men , based on he ela i e cos s o ac ing now e sus he cos s o wai ing un il an a ack happens. The s udy
unde sco es ha by o ganiza ions ecognizing cybe secu i y mo e as a capi al in es men as opposed o being a
business expense, hey a e be e placed o p e en and mi iga e cybe h ea s and ensu e business unc ion in a wo ld
ha is de ined by cons an ly e ol ing h ea s.
4.6. Eme ging T ends and Fu u e Di ec ions in Cybe secu i y
The e a e h ea s and oppo uni ies in he changing na u e o cybe secu i y isks o SMEs and heal hca e o ganiza ions.
As pe he s udy conduc ed by A menia e al. (2021), AI and ML-based solu ions a e changing he na u e o h ea
de ec ion and esponse, whe e o ganiza ions deploying AI/ML o secu i y ound a h ea -de ec ion a e inc ease o
55%. The u iliza ion o he analy ical echniques leads o enhanced p e en ion o h ea s and ocuses mo e on
p e en i e measu es han necessa ily de ensi e inc eases. Knigh (2020) epo s ha o ganiza ions u ilizing p edic i e
analy ics iden i y po en ial h ea s 47% as e han hose elying on adi ional secu i y me hods.
Cloud secu i y con inues o ans o m o ganiza ional secu i y a chi ec u es, o e ing scalable and cos -e ec i e
p o ec ion op ions. Bada & Nu se (2019) ound ha SMEs adop ing cloud-based secu i y solu ions educe in as uc u e
cos s by 35% while imp o ing h ea esponse capabili ies by 42%. Howe e , cloud adop ion in oduces new secu i y
conside a ions and compliance equi emen s. Jalali e al. (2019) emphasizes he impo ance o p ope cloud secu i y
con igu a ions, no ing ha miscon igu ed cloud se ices accoun o 63% o epo ed da a b eaches in heal hca e
o ganiza ions.
The ise o emo e wo k and dis ibu ed ope a ions necessi a es adap i e secu i y app oaches. Resea ch by Saban e al.
(2021) indica es ha o ganiza ions implemen ing ze o- us a chi ec u es expe ience 68% ewe unau ho ized access
inciden s compa ed o adi ional pe ime e -based secu i y models. Heal hca e p o ide s ace addi ional challenges in
secu ing emo e pa ien ca e pla o ms and elemedicine se ices. El Rob (2020) epo s ha heal hca e o ganiza ions
wi h comp ehensi e emo e access secu i y p og ams educe da a exposu e isks by 52% while main aining se ice
accessibili y.
Regula o y compliance and da a p o ec ion equi emen s con inue o e ol e, demanding mo e sophis ica ed secu i y
amewo ks. Towbin (2019) no ed ha o ganiza ions ha implemen au oma ed compliance moni o ing ools cu down
he p epa a ion ime o a compliance audi by 45% and enhance policy compliance by 38%. The oppo uni y o
implemen blockchain echnology in o he sys em shows he po en ial o new o ms o p ese ing access o he eco ds’
p o ec ion and da a’s in eg i y. Acco ding o A menia e al. (2021), he in oduc ion o blockchain-based sys ems will
cu he numbe o cases o heal h da a ampe ing by h ee- ou hs while enabling heal h ca e p o ide s o inc ease
in o ma ion exchange compa ibili y.
5. Conclusion
The cybe secu i y landscape o Small and Medium En e p ises (SMEs) and heal hca e o ganiza ions in he Uni ed
S a es e eals signi ican ulne abili ies and complex challenges. O e 60% o SMEs ha e been a ic im o da a b eaches
and heal hca e ins i u ions a e cons an ly expe iencing mo e complex and se e e cybe h ea s, hese sec o s a e in
despe a e need o e ec i e solu ions o secu i y. This esea ch shows ha cybe secu i y is no solely a echnical
p oblem bu a he a people, p ocess, and echnology p oblem, which equi es aining employees, alloca ing he igh
esou ces, ollowing egula o y guidelines, and e alua ing isks on a cons an basis. Speci ic indings ha need o be
add essed include he need o o ganisa ions o conside key p oac i e ea u es ha e ol e a ound de eloping s ong
p o ec i e measu es in o m o amewo ks like NIST and ISO 27001, engage he employees equen ly in p og ams o
secu i y awa eness, and inco po a e ad anced echnologies such as a i icial in elligence and machine lea ning in
secu i y. Al hough many SMEs a e alloca ing less han $500 pe yea owa d cybe secu i y, o ganiza ions can aised
cybe secu i y ma u i y app eciably h ough ca e ully a ge ed spending, secu i y consciousness- aising, and cheap bu
e ec i e echnological solu ions. The e ol ing h ea landscape demands a dynamic, collabo a i e app oach ha
balances echnological inno a ion, human ac o s, and egula o y compliance o e ec i ely p o ec sensi i e da a and
o ganiza ional in as uc u e.
Wo ld Jou nal o Ad anced Resea ch and Re iews, 2025, 26(02), 3068-3095
3090
Recommenda ions
• Implemen Comp ehensi e Cybe secu i y T aining P og ams: Implemen secu i y awa eness p og ams ha
a e ole-based, con inuous, and use scena ios aspec s like, include phish, ake scena ios and quizzes ha es
he employee’s awa eness egula ly o lowe human e o and imp o e he secu i y s eng h.
• Adop Risk-Based Cybe secu i y F amewo ks: Apply adop ion amewo ks om NIST and ISO 27001 speci ic
o o ganiza ional scope and complexi y o ind, measu e, and educe cybe secu i y h ea s and isks as well as
measu e compliance.
• In es in Ad anced Th ea De ec ion Technologies: In eg a e AI and machine lea ning based h ea in elligence
solu ions in o de o achie e eal ime h ea iden i ica ion, isk analysis and mi iga ion momen a y esponse
solu ions.
• Es ablish Robus Inciden Response and Business Con inui y Plans: C ea e and equen ly upda e ex ensi e
inciden handling plans ha should con ain he escala ion pa h, communica ion p ocesses, and eco e y s eps
so which de imen al e ec s o a b each can be con ained.
• C ea e Public-P i a e Collabo a ion Mechanisms: Con ibu e on Go e nmen cybe secu i y p og ammes and
bodies and indus y g oups in o de o supply h ea in elligence, acqui e esou ces, and con ibu e o
de ensi e s a egies.
• P io i ize S a egic Resou ce Alloca ion: Engage in isk analysis pe iodically o be be e placed in cu ing down
you cybe secu i y budge , in es in alue-d i en, e icien secu i y measu es – he ones ha would deli e he
mos alue in e ms o he ex en o p o ec ion you in es in a he leas cos .
By implemen ing hese ecommenda ions, SMEs and heal hca e o ganiza ions will enhance and il hei cybe secu i y
om ollowing a eac i e s a egy o being p oac i e in de ending hei sys ems agains eme ging h ea s.
Compliance wi h e hical s anda ds
Disclosu e o con lic o in e es
No con lic o in e es o be disclosed.
Re e ences
[1] Abdul ahim, N. (2019). Managing Cybe secu i y as a Business Risk in In o ma ion Technology-based
Smes (Doc o al disse a ion, Uni e si y o Nai obi). h p://e eposi o y.uonbi.ac.ke/handle/11295/107172
[2] Acho , O. (2016). Da a Secu i y S a egies o P e en ing B eaches Due o Inside Th ea s (Doc o al disse a ion,
Walden Uni e si y). h ps://sea ch.p oques .com/open iew/c3265b8c4a2bb65c2a42c9b35b93c d0/1?pq-
o igsi e=gschola &cbl=18750&diss=y
[3] Ajmi, L., Alqah ani, N., Rahman, A. U., & Mahmud, M. (2019, May). A no el cybe secu i y amewo k o
coun e measu e o SME's in saudi a abia. In 2019 2nd In e na ional Con e ence on Compu e Applica ions &
In o ma ion Secu i y (ICCAIS) (pp. 1-9). IEEE.
[4] Ajuzie, G. (2019). Cybe c ime p e en ion among small businesses in he g ea e Hous on a ea: A quali a i e
explo a o y case s udy. Uni e si y o Phoenix.
h ps://sea ch.p oques .com/open iew/d256b6d53d 9a9cce97408d0c9e15 39/1?pq-
o igsi e=gschola &cbl=18750&diss=y
[5] Al Mehai i, A., Zgheib, R., Abdella i , T. M., & Conchon, E. (2015, Sep embe ). Cybe secu i y s a egies while
sa egua ding in o ma ion sys ems in public/p i a e sec o s. In In e na ional Con e ence on Elec onic Go e nance
wi h Eme ging Technologies (pp. 49-63). Cham: Sp inge Na u e Swi ze land.
h ps://link.sp inge .com/chap e /10.1007/978-3-031-22950-3_5
[6] Alshboul, Y., & S e , K. (2015). Analyzing in o ma ion secu i y model o small-medium sized businesses.
h ps://www. esea chga e.ne /p o ile/Yazan-
Alshboul/publica ion/281079574_Analyzing_In o ma ion_Secu i y_Model_ o _Small-
Medium_Sized_Businesses/links/55 1929208ae0a 8ee1e075e/Analyzing-In o ma ion-Secu i y-Model- o -
Small-Medium-Sized-Businesses.pd
Wo ld Jou nal o Ad anced Resea ch and Re iews, 2025, 26(02), 3068-3095
3091
[7] Al-Somali, S. A., Saq , R. R., Asi i, A. M., & Al-Somali, N. A. (2014). O ganiza ional Cybe secu i y Sys ems and
Sus ainable Business Pe o mance o Small and Medium En e p ises (SMEs) in Saudi A abia: The Media ing and
Mode a ing Role o Cybe secu i y Resilience and O ganiza ional Cul u e. Sus ainabili y, 16(5), 1880.
[8] Amb een, L., Jain, M., Yada , R. K., & Loonka , S. (2023). E ec i e cybe secu i y isk managemen p ac ices o
small and medium-sized en e p ises: A comp ehensi e e iew. Mul idisciplina y Re iews, 6.
h ps://malque.pub/ojs/index.php/m /a icle/ iew/3887
[9] A menia, S., Angelini, M., Nonino, F., Palombi, G., & Schli ze , M. F. (2021). A dynamic simula ion app oach o
suppo he e alua ion o cybe isks and secu i y in es men s in SMEs. Decision Suppo Sys ems, 147, 113580.
h ps://www.sciencedi ec .com/science/a icle/pii/S0167923621000907
[10] A oyabe, M. F., A anz, C. F., De A oyabe, I. F., & de A oyabe, J. C. F. (2012). Explo ing he economic ole o
cybe secu i y in SMEs: A case s udy o he UK. Technology in Socie y, 78, 102670.
h ps://www.sciencedi ec .com/science/a icle/pii/S0160791X24002185
[11] Ashley, C., & P eiksai is, M. (2007). S a egic Cybe secu i y Risk Managemen P ac ices o In o ma ion in Small
and Medium En e p ises. Business Managemen Resea ch and Applica ions: A C oss-Disciplina y Jou nal, 1(2),
109-157. h ps://bm ajou nal.columbiasou he n.edu/index.php/bm a/a icle/ iew/3421
[12] Au elien, J. (2021). Explo ing E ec i e De ensi e Cybe secu i y S a egies o Small Businesses. Colo ado Technical
Uni e si y. h ps://sea ch.p oques .com/open iew/9dcd d1012c3c dc9ed2de5159c8dd08/1?pq-
o igsi e=gschola &cbl=18750&diss=y
[13] Babalola, A. O. (2021). E ec i e S a egies o Cybe secu i y and In o ma ion Technology Go e nance o Small
Business Leade s: A Quan i a i e S udy (Doc o al disse a ion, Uni e si y o Phoenix).
h ps://sea ch.p oques .com/open iew/370 a35cdab3051254c2c 13eb da b1/1?pq-
o igsi e=gschola &cbl=18750&diss=y
[14] Bada, M., & Nu se, J. R. (2019). De eloping cybe secu i y educa ion and awa eness p og ammes o small-and
medium-sized en e p ises (SMEs). In o ma ion & Compu e Secu i y, 27(3), 393-410.
h ps://www.eme ald.com/insigh /con en /doi/10.1108/ICS-07-2018-0080/ ull/h ml
[15] Bagwell, M. A. (2016). O ganiza ional decisions abou cybe secu i y in small o mid-sized businesses: A quali a i e
s udy (Doc o al disse a ion, No hcen al Uni e si y).
h ps://sea ch.p oques .com/open iew/d5e2775e9da54cc9 1a43d89647b4379/1?pq-
o igsi e=gschola &cbl=18750
[16] Banda i, V. (2015). En e p ise da a secu i y measu es: a compa a i e e iew o e ec i eness and isks ac oss
di e en indus ies and o ganiza ion ypes. In e na ional Jou nal o Business In elligence and Big Da a
Analy ics, 6(1), 1-11.
[17] Banks, E. H. (2017). Explo ing Secu i y S a egies o P o ec Pe sonally Iden i iable In o ma ion in Small
Businesses (Doc o al disse a ion, Walden Uni e si y).
h ps://sea ch.p oques .com/open iew/665ab6de38c 0b c 0315ea 4 8a1aae/1?pq-
o igsi e=gschola &cbl=18750&diss=y
[18] Ba osy, W. (2019). Success ul ope a ional cybe secu i y s a egies o small businesses. Walden Uni e si y.
h ps://sea ch.p oques .com/open iew/31 370ab567c08d5dc064 51b0d307d /1?pq-
o igsi e=gschola &cbl=18750&diss=y
[19] Benjamin, L. B., Adegbola, A. E., Amajuoyi, P., Adegbola, M. D., & Adeusi, K. B. (2019). Digi al ans o ma ion in
SMEs: Iden i ying cybe secu i y isks and de eloping e ec i e mi iga ion s a egies. Global Jou nal o
Enginee ing and Technology Ad ances, 19(2), 134-153.
[20] Benz, M., & Cha e jee, D. (2020). Calcula ed isk? A cybe secu i y e alua ion ool o SMEs. Business
ho izons, 63(4), 531-540. h ps://www.sciencedi ec .com/science/a icle/pii/S0007681320300392
[21] Ca w igh , A., Ca w igh , E., & Edun, E. S. (2023). Cascading in o ma ion on bes p ac ice: Cybe secu i y isk
managemen in UK mic o and small businesses and he ole o IT companies. Compu e s & Secu i y, 131, 103288.
[22] Chen, J. (2016). Cybe secu i y: Bull's-eye on small businesses. J. In 'l Bus. & L., 16, 97. h ps://heinonline.o g/hol-
cgi-bin/ge _pd .cgi?handle=hein.jou nals/jibla16§ion=14
[23] Chidukwani, A., Zande , S., & Kou sakis, P. (2002). A su ey on he cybe secu i y o small- o-medium businesses:
challenges, esea ch ocus and ecommenda ions. IEEE Access, 10, 85701-85719.
h ps://ieeexplo e.ieee.o g/abs ac /documen /9853515/
Wo ld Jou nal o Ad anced Resea ch and Re iews, 2025, 26(02), 3068-3095
3092
[24] Cook, K. D. (2017). E ec i e cybe secu i y s a egies o small businesses (Doc o al disse a ion, Walden
Uni e si y). h ps://sea ch.p oques .com/open iew/1c665b715deaa5c70e12559b8638c 3a/1?pq-
o igsi e=gschola &cbl=18750
[25] Da is, K. (2020). Cybe secu i y isk- esponsibili y axonomy: The ole o cybe secu i y social esponsibili y in small
en e p ises on isk o da a b each. No a Sou heas e n Uni e si y.
h ps://sea ch.p oques .com/open iew/b0a239318b5182e8695 453a4676a991/1?pq-
o igsi e=gschola &cbl=51922&diss=y
[26] Den , P. (2021). Cybe secu i y Failu es o Small and Medium-Sized Businesses: Ci cum en ing Leade ship
Failu e (Mas e 's hesis, U ica College).
h ps://sea ch.p oques .com/open iew/b08d412275c53 093ee7d93d88d 7438/1?pq-
o igsi e=gschola &cbl=18750&diss=y
[27] Dimuna, L. U. (2020). A Quali a i e S udy o Cybe secu i y S a egies o Reduce Medical Iden i y The Focusing on
he Manage s’ Li ed Expe iences (Doc o al disse a ion, Colo ado Technical Uni e si y).
h ps://sea ch.p oques .com/open iew/00b394e214b6d3b0ab5 2aead2c2 73d/1?pq-
o igsi e=gschola &cbl=18750&diss=y
[28] Dyks a, J., Ma hu , R., & Spoo , A. (2020, Decembe ). Cybe secu i y in medical p i a e p ac ice: Resul s o a
su ey in Audiology. In 2020 IEEE 6 h In e na ional Con e ence on Collabo a ion and In e ne Compu ing
(CIC) (pp. 169-176). IEEE. h ps://ieeexplo e.ieee.o g/abs ac /documen /9319018/
[29] Eil s, D. (2020). An empi ical assessmen o cybe secu i y eadiness and esilience in small businesses.
h ps://co e.ac.uk/download/pd /304334147.pd
[30] El Rob, M. F. A. (2020). A na a i e e iew o ad an ageous cybe secu i y amewo ks and egula ions in he Uni ed
S a es heal hca e sys em (Doc o al disse a ion, Middle Geo gia S a e Uni e si y).
h ps://sea ch.p oques .com/open iew/33932e4bd19bc866ba862d48ad7ed4 8/1?pq-
o igsi e=gschola &cbl=18750&diss=y
[31] Gallahe , M. P., Link, A. N., & Rowe, B. (2008). Cybe secu i y: Economic s a egies and public policy al e na i es.
Edwa d Elga Publishing.
h ps://books.google.com/books?hl=en&l =&id=JCxmAwAAQBAJ&oi= nd&pg=PR1&dq=B each+P e en ion+S
a egies+ o +Cybe secu i y+in+US+SMEs+and+Heal hca e+O ganiza ions+Desc ip ion&o s=2U 1-
b6Wa &sig=SbTQmKDC3GMxu7BBJVmR FDKXI
[32] G een, D. M. (2014). A Quali a i e Inqui y o Small Businesses Cybe secu i y Go e nance S a egies (Doc o al
disse a ion, Capella Uni e si y).
h ps://sea ch.p oques .com/open iew/900ac80551a5d94d60706 5bee326415/1?pq-
o igsi e=gschola &cbl=18750&diss=y
[33] Ha is J , J. (2018). Explo ing Small Business Cybe secu i y Pe cep ions and P epa edness (Doc o al disse a ion,
No hcen al Uni e si y).
h ps://sea ch.p oques .com/open iew/e2c5a9 134a db628cea606d6c063300/1?pq-
o igsi e=gschola &cbl=18750&diss=y
[34] Hemann, J. (2021). Mi iga ing I Secu i y Risk in Uni ed S a es Heal hca e: a Quali a i e Examina ion o Bes
P ac ices (Doc o al disse a ion, Walden Uni e si y).
h ps://sea ch.p oques .com/open iew/6c55d0a92b 6b333d405b 584b10d7b1/1?pq-
o igsi e=gschola &cbl=18750&diss=y
[35] Holland, M. C., & Bu chell, J. (2020). Low Resou ce A ailabili y and he Small- o Medium-sized Re ail En e p ise’s
Abili y o Implemen an In o ma ion Secu i y S a egy. Business Managemen Resea ch and Applica ions: A C oss-
Disciplina y Jou nal, 1(2), 48-76.
[36] Idahosa, M. D. (2020). S a egies o implemen ing success ul IT secu i y sys ems in small businesses (Doc o al
disse a ion, Walden Uni e si y).
h ps://sea ch.p oques .com/open iew/34 ac 5429c83e988c6e4 9c55e9b06e/1?pq-
o igsi e=gschola &cbl=18750&diss=y
[37] Jahankhani, H., Meda, L. N., & Samadi, M. (2021). Cybe secu i y challenges in small and medium en e p ise
(SMEs). In Blockchain and O he Eme ging Technologies o Digi al Business S a egies (pp. 1-19). Cham: Sp inge
In e na ional Publishing. h ps://link.sp inge .com/chap e /10.1007/978-3-030-98225-6_1