Abstract
Small and Medium-Sized Enterprises (SMEs) face unique cybersecurity challenges due to limited resources, expertise, and access to skilled personnel. These vulnerabilities have made SMEs prime targets for increasingly sophisticated cyberattacks. Addressing these gaps, this study introduces a conceptual framework that identifies essential cybersecurity skill requirements for SMEs. Grounded in three robust theoretical foundations—Theory of Planned Behaviour (TPB), Situational Awareness Theory (SAT), and General Deterrence Theory (GDT)—the framework offers actionable insights into shaping employee behaviors, enhancing threat awareness, and implementing effective deterrence mechanisms.
A quantitative research design underpins the study, leveraging structured questionnaires to gather data on SMEs' current cybersecurity practices, employee skill levels, and organizational culture. The findings reveal significant skill gaps that persist despite ongoing efforts, underscoring the importance of continuous training and external support. Through detailed descriptive and inferential statistical analyses, relationships between technical competencies, organizational readiness, and employee attitudes were explored, validating the framework's utility and relevance.
This study makes critical contributions to the cybersecurity resilience of SMEs by providing a practical roadmap for cultivating essential skills. By improving both technical capabilities and fostering a cybersecurity-aware culture, SMEs can mitigate vulnerabilities, enhance their defensive posture, and ensure sustainable operations in an increasingly digital economy