To read this content please select one of the options below:

Experts’ feedback on the cybersecurity footprint elements: in pursuit of a quantifiable measure of SMBs’ cybersecurity posture

Ruti Gafni (School of Information Systems, Academic College of Tel Aviv-Yaffo, Tel Aviv, Israel)
Yair Levy (College of Computing and Engineering, Nova Southeastern University – Fort Lauderdale/Davie Campus, Fort Lauderdale, Florida, USA)

Information and Computer Security

ISSN: 2056-4961

Article publication date: 4 July 2023

Issue publication date: 16 November 2023

361

Abstract

Purpose

While data breaches are reported daily, organizations are struggling with quantifying their cybersecurity posture. This paper aims to introduce the Universal Cybersecurity Footprint Index (UCFI), an organizational measure of Cybersecurity Footprint. The UCFI helps organizations understand the challenges related to their overall cybersecurity posture and be able to assess it for their supply chain cybersecurity. The Theory of Cybersecurity Footprint states that the risk and damage that can be caused by an attacked organization are not related to the size of the organization but to a range of parameters that may affect the interconnected entities in their supply chain.

Design/methodology/approach

Based on the 26 elements found in prior research, a survey was conducted, using 27 subject matter experts to reveal the most relevant elements and then specify their importance level to calculate their relative weight.

Findings

Results indicated that 20 of the 26 elements were validated, and their weights were calculated. Finally, an equation representing the UCFI for an organization is introduced.

Practical implications

Organizations can choose their partners according to a minimum value of the UCFI to reduce their cybersecurity risks.

Social implications

Supply chain cybersecurity incidents have demonstrated in the past several years to provide a massive impact on society. Thus, further assisting in mitigation of cyberattacks to the supply chain is significant.

Originality/value

This research aims to provide further assistance for organizations in quantifying their cybersecurity footprint in effort to help reduce cyber incidents, especially those for small organizations.

Keywords

Citation

Gafni, R. and Levy, Y. (2023), "Experts’ feedback on the cybersecurity footprint elements: in pursuit of a quantifiable measure of SMBs’ cybersecurity posture", Information and Computer Security, Vol. 31 No. 5, pp. 601-623. https://doi.org/10.1108/ICS-05-2023-0083

Publisher

:

Emerald Publishing Limited

Copyright © 2023, Emerald Publishing Limited

Related articles