Cyber security best practice guide for SMEs

A best practice guide on cyber security investment decision-making for SMEs.

The Cardiff Centre for Cyber Security Research has published the first version of a Best Practice Guide On Cyber Security Investment Decision-Making for Small and Medium-Sized Enterprises (SMEs) as an outcome of an exploratory study that was funded by the UK National Cyber Security Centre (NCSC) and the Research Institute for Sociotechnical Cyber Security (RISCS).

The research team interviewed UK-based SMEs about their cyber security decision-making practices and then applied rigorous academic analysis to practical knowledge distilled from SMEs. Based on the analysis, the researchers produced a set of practice-inspired and industry-validated recommendations for SMEs on cyber security investment decision-making. The recommendations were validated by SMEs in a focus group. The Best Practice Guide summarises the recommendations for SMEs and will assist them with making well-informed cyber security decisions. The Guide is available for free download both in English and in Welsh.

Please contact Dr Yulia Cherdantseva if you would like to contribute your opinion to the next version of the Guide or if you have questions about this research project.