Results of the summarizing process for the arXiv paper: 2109.00733v1

Small businesses with 0-19 employees are increasingly becoming targets for cyber-criminals. However, they struggle to implement effective cyber-security measures that larger businesses routinely deploy. This poses a significant threat as small businesses employ a substantial portion of the workforce. In this paper, we delve into the challenges faced by small businesses in terms of cyber-security within an Australian context. Through a comprehensive keyword search across academic search engines such as Scopus, ProQuest, Science Direct, SpringerLink and IEEE Xplore, we identified 22 relevant papers that exclusively discussed cyber-security in the context of small businesses or SMEs. By comparing our research aims with selected review papers, we found that existing literature often fails to distinguish small businesses as a separate cohort in the broader cyber-security landscape. Our study highlights the unique characteristics of small businesses that can either hinder or facilitate their ability to enhance cyber-security measures. Factors such as resource constraints, organizational process maturity and legal structures play a crucial role in determining a small business's cyber-resilience. We also explore how certain characteristics like agility and piecemeal IT architecture could potentially be leveraged to improve cyber-security within small businesses. Overall, our research reveals a gap in current studies on small business cyber-security and underscores the need for legal and policy interventions to help these enterprises become more resilient against cyber threats. By addressing both technical and non-technical challenges faced by small businesses in implementing robust cyber-security measures, we aim to contribute towards developing effective and suitable solutions tailored specifically for this vulnerable sector of the economy.

• - Small businesses with 0-19 employees are increasingly targeted by cyber-criminals
• - They struggle to implement effective cyber-security measures compared to larger businesses
• - This poses a significant threat as small businesses employ a substantial portion of the workforce
• - Existing literature often fails to distinguish small businesses as a separate cohort in the broader cyber-security landscape
• - Factors such as resource constraints, organizational process maturity, and legal structures impact small business cyber-resilience
• - Characteristics like agility and piecemeal IT architecture could be leveraged to improve cyber-security within small businesses
• - Legal and policy interventions are needed to help small enterprises become more resilient against cyber threats

SummarySmall businesses with 0-19 employees are being targeted by bad people who use computers to do bad things. These small businesses have a hard time protecting themselves from these bad people compared to bigger businesses. This is a big problem because many people work for small businesses. People who write about this topic often forget to talk specifically about small businesses and how they can protect themselves online. Things like not having enough resources, not being very organized, and following certain rules affect how well small businesses can defend against online attacks. Small businesses can use their ability to move quickly and their simple computer systems to make it harder for bad people to harm them. Laws and rules should be made to help small companies become stronger against online dangers. Definitions- Small businesses: Companies that have only a few employees and are not very big. - Cyber-criminals: Bad people who use computers or the internet to do illegal activities. - Cyber-security measures: Ways of protecting computers, networks, and data from being attacked or damaged. - Workforce: All the people who work in a company or industry. - Literature: Written works such as books, articles, or research papers. - Cohort: A group of individuals sharing common characteristics within a larger population. - Resource constraints: Not having enough money, time, or tools to do something. - Organizational process maturity: How well a company's procedures and practices are developed and managed. - Legal structures: Rules and regulations that govern how a business operates within the

Small businesses are the backbone of any economy, providing employment opportunities and driving innovation. However, with the increasing reliance on technology in today's business landscape, small businesses have become prime targets for cyber-criminals. These enterprises often lack the resources and expertise to implement effective cyber-security measures, making them vulnerable to attacks. This not only puts their own operations at risk but also poses a threat to the larger ecosystem they operate in. In this research paper, we delve into the challenges faced by small businesses in terms of cyber-security within an Australian context. Our aim is to highlight the unique characteristics of small businesses that can either hinder or facilitate their ability to enhance cyber-security measures. Through a comprehensive keyword search across academic search engines such as Scopus, ProQuest, Science Direct, SpringerLink and IEEE Xplore, we identified 22 relevant papers that exclusively discussed cyber-security in the context of small businesses or SMEs. Upon comparing our research aims with selected review papers, we found that existing literature often fails to distinguish small businesses as a separate cohort in the broader cyber-security landscape. Most studies tend to focus on large corporations or government entities when discussing cyber-security challenges and solutions. This highlights a significant gap in understanding and addressing the specific needs of small businesses when it comes to protecting themselves against cyber threats. One key factor contributing to this gap is resource constraints faced by small businesses. Unlike larger organizations with dedicated IT departments and budgets for cybersecurity measures, most small businesses do not have access to such resources. As a result, they may rely on outdated software or hardware systems that are more susceptible to attacks. Additionally, smaller budgets may limit their ability to invest in advanced security tools or hire specialized personnel. Another crucial aspect is organizational process maturity – how well-defined and structured an organization's processes are when it comes to managing information security risks. Small businesses often lack formalized processes for handling sensitive data or responding effectively during a security breach. This can leave them vulnerable to attacks and make it challenging to recover from a cyber-attack. Legal structures also play a significant role in determining a small business's cyber-resilience. In many cases, small businesses may not have the legal resources or knowledge to navigate complex data protection laws and regulations. This can lead to non-compliance, leaving them open to penalties and reputational damage in case of a data breach. However, our research also highlights certain characteristics unique to small businesses that could potentially be leveraged to improve their cyber-security measures. For instance, agility – the ability to quickly adapt and respond to changing circumstances – is often seen as an advantage for smaller organizations. They can implement security measures more rapidly compared to larger corporations with complex hierarchies and processes. Piecemeal IT architecture is another characteristic that could be utilized by small businesses for better cybersecurity. These enterprises often rely on multiple systems and applications that are not fully integrated, making it difficult for hackers to gain access through one entry point. By leveraging this fragmented IT infrastructure, small businesses can create additional layers of defense against cyber threats. Overall, our research reveals a gap in current studies on small business cyber-security and underscores the need for legal and policy interventions tailored specifically for this sector of the economy. By addressing both technical and non-technical challenges faced by small businesses in implementing robust cyber-security measures, we aim to contribute towards developing effective solutions that are suitable for these vulnerable enterprises. In conclusion, it is crucial for policymakers, industry experts, and academia alike to recognize the unique challenges faced by small businesses when it comes to cybersecurity. With proper support and interventions targeted towards this sector, we can help these enterprises become more resilient against cyber threats while safeguarding their operations as well as the larger ecosystem they operate in.