TY - JOUR
T1 - Enhancing Cyber Security Governance and Policy for SMEs in Industry 5.0
T2 - A Comparative Study between Saudi Arabia and the United Kingdom
AU - Rawindaran, Nisha
AU - Nawaf, Liqaa
AU - Alarifi, Suaad
AU - Alghazzawi, Daniyal
AU - Carroll, Fiona
AU - Katib, Iyad
AU - Hewage, Chaminda
N1 - Publisher Copyright:
© 2023 by the authors.
PY - 2023/8/14
Y1 - 2023/8/14
N2 - The emergence of Industry 5.0 has revolutionized technology by integrating physical systems with digital networks. These advancements have also led to an increase in cyber threats, posing significant risks, particularly for small and medium-sized enterprises (SMEs). This research investigates the resistance of SMEs in Saudi Arabia and the United Kingdom (UK) to cyber security measures within the context of Industry 5.0, with a specific focus on governance and policy. It explores the cultural and economic factors contributing to this resistance, such as limited awareness of cyber security risks, financial constraints, and competing business priorities. Additionally, the study examines the role of government policies and regulations in promoting cyber security practices among SMEs and compares the approaches adopted by Saudi Arabia and the UK. By employing a mixed methods analysis, including interviews with SME owners and experts, the research highlights challenges and opportunities for improving cyber security governance and policy in both countries. The findings emphasize the need for tailored solutions due to the differing cultural and economic contexts between Saudi Arabia and the UK. Specifically, the study delves into the awareness and implementation of cyber security measures, focusing on SMEs in Saudi Arabia and their adherence to the Essential Cyber Security Controls (ECC-1:2018) guidelines. Furthermore, it examines the existing cyber security awareness practices and compliance in the UK, while also comparing official guidance documents aimed at supporting SMEs in achieving better cyber security practices. Based on the analysis, greater engagement with these documents is recommended in both countries to foster awareness, confidence, and compliance among SMEs, ultimately enhancing their cyber security posture. This paper offers a comparative research study on governance and policy between Saudi Arabia and the UK, presenting a set of recommendations to strengthen cyber security awareness and education, fortify regulatory frameworks, and foster public–private partnerships to combat cyber security threats in the Industry 5.0 landscape.
AB - The emergence of Industry 5.0 has revolutionized technology by integrating physical systems with digital networks. These advancements have also led to an increase in cyber threats, posing significant risks, particularly for small and medium-sized enterprises (SMEs). This research investigates the resistance of SMEs in Saudi Arabia and the United Kingdom (UK) to cyber security measures within the context of Industry 5.0, with a specific focus on governance and policy. It explores the cultural and economic factors contributing to this resistance, such as limited awareness of cyber security risks, financial constraints, and competing business priorities. Additionally, the study examines the role of government policies and regulations in promoting cyber security practices among SMEs and compares the approaches adopted by Saudi Arabia and the UK. By employing a mixed methods analysis, including interviews with SME owners and experts, the research highlights challenges and opportunities for improving cyber security governance and policy in both countries. The findings emphasize the need for tailored solutions due to the differing cultural and economic contexts between Saudi Arabia and the UK. Specifically, the study delves into the awareness and implementation of cyber security measures, focusing on SMEs in Saudi Arabia and their adherence to the Essential Cyber Security Controls (ECC-1:2018) guidelines. Furthermore, it examines the existing cyber security awareness practices and compliance in the UK, while also comparing official guidance documents aimed at supporting SMEs in achieving better cyber security practices. Based on the analysis, greater engagement with these documents is recommended in both countries to foster awareness, confidence, and compliance among SMEs, ultimately enhancing their cyber security posture. This paper offers a comparative research study on governance and policy between Saudi Arabia and the UK, presenting a set of recommendations to strengthen cyber security awareness and education, fortify regulatory frameworks, and foster public–private partnerships to combat cyber security threats in the Industry 5.0 landscape.
KW - ECC
KW - ISO27001
KW - Industry 5.0
KW - Saudi Arabia
KW - United Kingdom
KW - awareness
KW - compliance
KW - culture
KW - cyber essentials
KW - cyber security
KW - cyber security controls
KW - governance
KW - policy
KW - security mindset
KW - small and medium-sized enterprises (SMEs)
UR - http://www.scopus.com/inward/record.url?scp=85177676465&partnerID=8YFLogxK
U2 - 10.3390/digital3030014
DO - 10.3390/digital3030014
M3 - Article
AN - SCOPUS:85177676465
SN - 2673-6470
VL - 3
SP - 200
EP - 231
JO - Digital
JF - Digital
IS - 3
ER -