Cybersecurity Management Practices in Thai SMEs
Number of Authors: 22024 (English)In: Proceedings of the Nineteenth Midwest Association for Information Systems Conference, Association for Information Systems (AIS) , 2024, article id 23Conference paper, Published paper (Refereed)
Abstract [en]
The shift from traditional businesses to digitally enabled organisations has made information the most valuable asset for SMEs, which, in turn, has made cyber security management a primary concern. This study explores the cybersecurity management practices in Thai SMEs and the factors determining the adoption of common cybersecurity frameworks and controls. The study applied a mixed-method research strategy with qualitative and quantitative data collection methods (in-depth interviews with experts, and an online survey of 75 SMEs). The preliminary findings indicate that SMEs in Thailand practice various cybersecurity controls but refrain from adopting cybersecurity standards or frameworks, such as ISO2700X series, NIST, and PCI DSS. On the other hand, SMEs seem to comply with national laws, including Thailand’s PDPA, Computer Crime Act, and Personal Information Act. A further analysis indicates that the lack of financial resources, tools and expertise were the main reasons for not adopting common frameworks and controls among SMEs.
Place, publisher, year, edition, pages
Association for Information Systems (AIS) , 2024. article id 23
Keywords [en]
Cybersecurity Controls, Cybersecurity Frameworks, Cybersecurity Management, Cybersecurity Standards, SMEs, Thailand
National Category
Computer Sciences
Research subject
Computer and Systems Sciences
Identifiers
URN: urn:nbn:se:su:diva-232095OAI: oai:DiVA.org:su-232095DiVA, id: diva2:1885707
Conference
The 19th Midwest Association for Information Systems Conference (MWAIS), Peoria, IL, USA. May 16-17, 2024.
2024-07-242024-07-242024-07-29Bibliographically approved