The role of awareness in adoption of government cyber security initiatives : A study of SMEs in the U.K.

Abstract: Awareness is a key component of any information security programme. This study sets out to establish whether SMEs are using the government cyber security initiatives and finds that only 4.3% of respondents are utilising the resource that is freely available from the newly formed National Cyber Security Centre. The principal reason for this is a lack of awareness, although the survey also reveals that respondents would use this service if they had knowledge of it. Furthermore, 72.3% are keen for the government to deliver a public cyber security awareness campaign from funds available to the National Cyber Security Strategy. The association of the NCSC with GCHQ is seen to increase the trust in the service the NCSC delivers, whilst incentivising SMEs to enhance their security is popular amongst the 46 respondents. Survey responses suggest that small and micro businesses believe that they are too small to attract cyber-attacks, under the misguided assumption that “security through obscurity” is a viable control to mitigate the cyber risk. This underlines the lack of awareness of the randomness of threats such as ransomware and supports the need for greater user knowledge.