To read this content please select one of the options below:

Investing in security-as-a-service for e-commerce infrastructure by small and medium enterprises: a Monte Carlo approach

Derek L. Nazareth (Lubar School of Business, University of Wisconsin-Milwaukee, Milwaukee, Wisconsin, USA)
Jae Choi (Kelce College of Business, Pittsburg State University, Pittsburg, Kansas, USA)
Thomas Ngo-Ye (College of Business Administration, Alabama State University, Montgomery, Alabama, USA)

Journal of Systems and Information Technology

ISSN: 1328-7265

Article publication date: 9 April 2024

Issue publication date: 7 May 2024




This paper aims to examine the conditions under which small and medium enterprises (SMEs) invest in security services when they migrate their e-commerce applications to the cloud environment. Using a risk management perspective, the paper assesses the impact of security service pricing, security incident prevalence and virulence to estimate SME security spending at the market level and draw out implications for SMEs and security service providers.


Security risks are inherently characterized by uncertainty. This study uses a Monte Carlo approach to understand the role of uncertainty in the decision to adopt security services. A model relating key security constructs is assembled based on key constructs from the domain. By manipulating security service costs and security incident types, the model estimates the market-level adoption of services, security incidents and damages incurred, along with measures of their relative dispersion.


Three key findings emerge from this study. First, adoption of services and protection is higher when tiered security services are provided, indicating that SMEs prefer to choose their security services rather than accept uniformly priced products. Second, SMEs are considered price-sensitive, resulting in a maximum level of spending in the market. Third, results indicate that security incidents and damages can be much higher than the mean in some cases, and this should serve as a cautionary note to SMEs.


Security spending has been modeled at the firm level. Adopting a market-level perspective represents a novel contribution. Additionally, the Monte Carlo approach provides managers with tangible measures of uncertainty, affording additional information and insight when making security service adoption decisions.



Nazareth, D.L., Choi, J. and Ngo-Ye, T. (2024), "Investing in security-as-a-service for e-commerce infrastructure by small and medium enterprises: a Monte Carlo approach", Journal of Systems and Information Technology, Vol. 26 No. 2, pp. 257-275.



Emerald Publishing Limited

Copyright © 2024, Emerald Publishing Limited

Related articles