A large-scale interview study on information security in and attacks against small and medium-sized enterprises

Huaman, Nicolas; Skarczinski, Bennet von; Stransky, Christian; Wermke, Dominik; Acar, Yasemin; Dreißigacker, Arne; Fahl, Sascha

doi:10.15496/publikation-83869

A large-scale interview study on information security in and attacks against small and medium-sized enterprises

Cybercrime is on the rise. Attacks by hackers, organized crime and nation-state adversaries are an economic threat for companies world-wide. Small and medium-sized enter-prises (SMEs) have increasingly become victims of cyber-attacks in recent years. SMEs often lack the awareness and resources to de...

Full description

Saved in:

Bibliographic Details
Authors:	Huaman, Nicolas (Author) ; Skarczinski, Bennet von (Author) ; Stransky, Christian (Author) ; Wermke, Dominik (Author) ; Acar, Yasemin (Author) ; Dreißigacker, Arne (Author) ; Fahl, Sascha (Author)
Corporate Author:	USENIX Security Symposium 30. 2021, Online (Issuing body)
Format:	Electronic Article
Language:	English
Published:	2021
In:	Proceedings of the 30th USENIX Security Symposium Year: 2021, Pages: 1235-1252
Online Access:	Volltext (kostenfrei) Volltext (kostenfrei) Volltext (kostenfrei) Volltext (kostenfrei)
Check availability:	HBZ Gateway
Keywords:	Computerkriminalität Cyberattacke Computersicherheit Cyberkriminalität Cyberangriff Cybersicherheit Konferenzschrift

MARC


LEADER	00000caa a2200000 4500
001	1780093608
003	DE-627
005	20230626072030.0
007	cr uuu---uuuuu
008	211202s2021 xx \|\|\|\|\|o 00\| \|\|eng c
020			\|a 9781939133243
024	7		\|a urn:nbn:de:bsz:21-dspace-1425225 \|2 urn
024	7		\|a 10.15496/publikation-83869 \|2 doi
024	7		\|a 10900/142522 \|2 hdl
035			\|a (DE-627)1780093608
035			\|a (DE-599)KXP1780093608
040			\|a DE-627 \|b ger \|c DE-627 \|e rda
041			\|a eng
084			\|a 2,1 \|2 ssgn
100	1		\|a Huaman, Nicolas \|e VerfasserIn \|4 aut
245	1	2	\|a A large-scale interview study on information security in and attacks against small and medium-sized enterprises \|c Nicolas Huaman, Leibniz University Hannover; CISPA Helmholtz Center for Information Security; Bennet von Skarczinski, PwC Germany; Christian Stransky and Dominik Wermke, Leibniz University Hannover; Yasemin Acar, Leibniz University Hannover; Max Planck Institute for Security and Privacy; Arne Dreißigacker, Criminological Research Institute of Lower Saxony; Sascha Fahl, Leibniz University Hannover; CISPA Helmholtz Center for Information Security
264		1	\|c 2021
300			\|b Illustrationen
336			\|a Text \|b txt \|2 rdacontent
337			\|a Computermedien \|b c \|2 rdamedia
338			\|a Online-Ressource \|b cr \|2 rdacarrier
500			\|a This paper is included in the Proceedings of the 30th USENIX Security Symposium. August 11–13, 2021
520			\|a Cybercrime is on the rise. Attacks by hackers, organized crime and nation-state adversaries are an economic threat for companies world-wide. Small and medium-sized enter-prises (SMEs) have increasingly become victims of cyber-attacks in recent years. SMEs often lack the awareness and resources to deploy extensive information security measures. However, the health of SMEs is critical for society: For example, in Germany, 38.8% of all employees work in SMEs, which contributed 31.9% of the German annual gross domestic product in 2018. Many guidelines and recommendations encourage companies to invest more into their information security measures. However, there is a lack of understanding of the adoption of security measures in SMEs, their risk perception with regards to cybercrime and their experiences with cyberattacks. To address this gap in research, we performed 5,000 computer-assisted telephone-interviews (CATIs) with representatives of SMEs in Germany. We report on their experiences with cybercrime, management of information security and risk perception. We present and discuss empirical results of the adoption of both technical and organizational security measures and risk awareness in SMEs. We find that many technical security measures and basic awareness have been deployed in the majority of companies. We uncover differences in reporting cybercrime incidences for SMEs based on their industry sector, company size and security awareness. We conclude our work with a discussion of recommendations for future research, industry and policy makers.
650	0	7	\|0 (DE-588)4010452-7 \|0 (DE-627)106357816 \|0 (DE-576)208888128 \|a Computerkriminalität \|2 gnd
650	0	7	\|0 (DE-588)1075612675 \|0 (DE-627)833540866 \|0 (DE-576)444407030 \|a Cyberattacke \|2 gnd
650	0	7	\|0 (DE-588)4274324-2 \|0 (DE-627)104467525 \|0 (DE-576)21070585X \|a Computersicherheit \|2 gnd
650		4	\|a Cyberkriminalität
650		4	\|a Cyberangriff
650		4	\|a Cybersicherheit
655		7	\|a Konferenzschrift \|0 (DE-588)1071861417 \|0 (DE-627)826484824 \|0 (DE-576)433375485 \|2 gnd-content
700	1		\|a Skarczinski, Bennet von \|e VerfasserIn \|0 (DE-588)1207327492 \|0 (DE-627)1693594595 \|4 aut
700	1		\|a Stransky, Christian \|e VerfasserIn \|4 aut
700	1		\|a Wermke, Dominik \|e VerfasserIn \|4 aut
700	1		\|a Acar, Yasemin \|e VerfasserIn \|4 aut
700	1		\|a Dreißigacker, Arne \|e VerfasserIn \|0 (DE-588)1180529928 \|0 (DE-627)1067757775 \|0 (DE-576)52020171X \|4 aut
700	1		\|a Fahl, Sascha \|e VerfasserIn \|4 aut
711	2		\|a USENIX Security Symposium \|n 30. \|d 2021 \|c Online \|j Herausgebendes Organ \|0 (DE-588)1241582327 \|0 (DE-627)177131821X \|4 isb
773	0	8	\|i Enthalten in \|a USENIX Security Symposium (30. : 2021 : Online) \|t Proceedings of the 30th USENIX Security Symposium \|d [Berkeley, CA] : USENIX Association, 2021 \|g (2021), Seite 1235-1252 \|h 1 Online-Ressource (4400 Seiten) \|w (DE-627)1771301155 \|z 9781939133243 \|7 nnnm
773	1	8	\|g year:2021 \|g pages:1235-1252
856	4	0	\|u https://www.usenix.org/system/files/sec21-huaman.pdf \|x Resolving-System \|z kostenfrei
856	4	0	\|u http://hdl.handle.net/10900/142522 \|x Resolving-System \|z kostenfrei \|3 Volltext
856	4	0	\|u https://doi.org/10.15496/publikation-83869 \|x Resolving-System \|z kostenfrei \|3 Volltext
856	4	0	\|u http://nbn-resolving.de/urn:nbn:de:bsz:21-dspace-1425225 \|x Resolving-System \|z kostenfrei \|3 Volltext
951			\|a AR
ELC			\|a 1
LOK			\|0 000 xxxxxcx a22 zn 4500
LOK			\|0 001 4342650843
LOK			\|0 003 DE-627
LOK			\|0 004 1780093608
LOK			\|0 005 20230623081849
LOK			\|0 008 230623\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|ger\|\|\|\|\|\|\|
LOK			\|0 040 \|a DE-21 \|c DE-627 \|d DE-21
LOK			\|0 092 \|o n
LOK			\|0 852 \|a DE-21
LOK			\|0 852 1 \|9 00
LOK			\|0 866 \|x Download, Universitätsbibliothek Tübingen, 2023
LOK			\|0 935 \|a opus \|a krim
LOK			\|0 000 xxxxxcx a22 zn 4500
LOK			\|0 001 4012569023
LOK			\|0 003 DE-627
LOK			\|0 004 1780093608
LOK			\|0 005 20211202113511
LOK			\|0 008 211202\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|ger\|\|\|\|\|\|\|
LOK			\|0 040 \|a DE-2619 \|c DE-627 \|d DE-2619
LOK			\|0 092 \|o n
LOK			\|0 852 \|a DE-2619
LOK			\|0 852 1 \|9 00
LOK			\|0 866 \|x #037
LOK			\|0 935 \|a krzx
OAS			\|a 1
ORI			\|a SA-MARC-krimdoka001.raw