SMEs' Confidentiality Concerns for Security Information Sharing

TL;DR

This study explores how online consent options influence SMEs' willingness to share cybersecurity information, highlighting improved motivation and participation in security awareness activities, which enhances overall cybersecurity resilience.

Contribution

The paper demonstrates that multi-option online consent significantly increases SMEs' motivation to share cybersecurity information, addressing confidentiality concerns and facilitating better vulnerability awareness.

Findings

Online consent with multiple options improves motivation for information sharing.

Enhanced participation helps security experts identify common vulnerabilities.

Confidentiality concerns impact SMEs' willingness to share cybersecurity data.

Abstract

Small and medium-sized enterprises are considered an essential part of the EU economy, however, highly vulnerable to cyberattacks. SMEs have specific characteristics which separate them from large companies and influence their adoption of good cybersecurity practices. To mitigate the SMEs' cybersecurity adoption issues and raise their awareness of cyber threats, we have designed a self-paced security assessment and capability improvement method, CYSEC. CYSEC is a security awareness and training method that utilises self-reporting questionnaires to collect companies' information about cybersecurity awareness, practices, and vulnerabilities to generate automated recommendations for counselling. However, confidentiality concerns about cybersecurity information have an impact on companies' willingness to share their information. Security information sharing decreases the risk of incidents and increases users' self-efficacy in security awareness programs. This paper presents the results of semi-structured interviews with seven chief information security officers of SMEs to evaluate the impact of online consent communication on motivation for information sharing. The results were analysed in respect of the Self Determination Theory. The findings demonstrate that online consent with multiple options for indicating a suitable level of agreement improved motivation for information sharing. This allows many SMEs to participate in security information sharing activities and supports security experts to have a better overview of common vulnerabilities. The final publication is available at Springer via https://doi.org/10.1007/978-3-030-57404-8_22