Exploration of The Impact of Cyber Situational Awareness On Small and Medium Enterprises (SMEs) in Malaysia


Tan Chee Keong
Sofiah Kadar Khan
Umar Farooq Khattak

Abstract

The objective of this study is to explore the level of cyber situational awareness (CSA) among the employees of small and medium-sized enterprises (SMEs) in Malaysia by extending Endsley's situation awareness (SA) theory. Understanding the level of cyber situational awareness among employees is crucial because it sheds light on how well they understand cyber threats and whether they can handle them effectively. The literature has revealed that SMEs are subject to a greater danger of cyber-attacks. Therefore, employees' awareness of cyber situations is of the utmost significance in studying cyber security. A convenience (non-probability) sampling method was chosen because it is less expensive to deploy and increases the efficiency of the data collection process. IBM SPSS was used to conduct a descriptive exploratory data analysis that provides insight into employees' current CSA by categorizing them as having a good, average, or poor understanding of CSA. A total of 443 surveys were collected in the study. The findings reveal that most employees are not adequately aware of cyber situations, and that employees understand the need to adhere to cyber security policy within the organization but fail to comply. The study contributes to the practical domain by identifying the current level of CSA. SMEs should set out to create a strong culture of cyber security awareness and compliance, and should prioritize cyber security as part of the organization's culture to improve overall employee engagement and motivation in dealing with cyber threats.

Article Details

How to Cite
Chee Keong, T., Khan, S. K., & Khattak, U. F. (2025). Exploration of The Impact of Cyber Situational Awareness On Small and Medium Enterprises (SMEs) in Malaysia. Journal of Informatics and Web Engineering, 4(1), 292–306. https://doi.org/10.33093/jiwe.2025.4.1.21
Section
Regular issue
