{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,4]],"date-time":"2026-04-04T05:24:10Z","timestamp":1775280250172,"version":"3.50.1"},"publisher-location":"Cham","reference-count":35,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030343385","type":"print"},{"value":"9783030343392","type":"electronic"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-34339-2_20","type":"book-chapter","created":{"date-parts":[[2019,11,18]],"date-time":"2019-11-18T19:04:55Z","timestamp":1574103895000},"page":"362-380","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":12,"title":["Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K."],"prefix":"10.1007","author":[{"given":"Andrew","family":"Rae","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1636-5955","authenticated-orcid":false,"given":"Asma","family":"Patel","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,11,6]]},"reference":[{"issue":"10","key":"20_CR1","doi-asserted-by":"publisher","first-page":"883","DOI":"10.4236\/jsea.2014.710079","volume":"7","author":"J Alqatawna","year":"2014","unstructured":"Alqatawna, J.: The challenge of implementing information security standards in small and medium e-business enterprises. J. Softw. Eng. Appl. 7(10), 883\u2013890 (2014)","journal-title":"J. Softw. Eng. Appl."},{"key":"20_CR2","unstructured":"Bada, M., Sasse, A.M., Nurse, J.R.: Cyber security awareness campaigns: why do they fail to change behaviour? arXiv preprint \n                      arXiv:1901.02672\n                      \n                     (2019)"},{"key":"20_CR3","doi-asserted-by":"publisher","first-page":"9","DOI":"10.1016\/j.cose.2016.02.007","volume":"59","author":"KA Barton","year":"2016","unstructured":"Barton, K.A., et al.: Information system security commitment: a study of external influences on senior management. Comput. Secur. 59, 9\u201325 (2016)","journal-title":"Comput. Secur."},{"key":"20_CR4","unstructured":"BBC News: Food hygiene ratings scheme in wales \u2018a big success\u2019 (2015). \n                      https:\/\/www.bbc.co.uk\/news\/uk-wales-politics-34943449"},{"key":"20_CR5","first-page":"92","volume":"1065","author":"J Blythe","year":"2013","unstructured":"Blythe, J.: Cyber security in the workplace: understanding and promoting behaviour change. Proc. CHItaly Dr. Consort. 1065, 92\u2013101 (2013)","journal-title":"Proc. CHItaly Dr. Consort."},{"key":"20_CR6","unstructured":"Blythe, J.M., Coventry, L., Little, L.: Unpacking security policy compliance: the motivators and barriers of employees\u2019 security behaviors. In: Eleventh Symposium On Usable Privacy and Security, pp. 103\u2013122 (2015)"},{"key":"20_CR7","unstructured":"Connolly, L., Lang, M.: Information systems security: the role of cultural aspects in organizational settings (2013)"},{"key":"20_CR8","unstructured":"Crown Commercial Service - GOV.UK: The SME spend target must go on (2018). \n                      https:\/\/www.gov.uk\/government\/news\/the-sme-spend-target-must-go-on"},{"key":"20_CR9","unstructured":"Cyberaware.gov.uk: Small business reputation and the cyber risk- cyber streetwise and KPMG. Technical report, Cyber Streetwise and KPMG (2015)"},{"key":"20_CR10","doi-asserted-by":"crossref","unstructured":"Dilek, S., \u00c7ak\u0131r, H., Ayd\u0131n, M.: Applications of artificial intelligence techniques to combating cyber crimes: a review. arXiv preprint \n                      arXiv:1502.03552\n                      \n                     (2015)","DOI":"10.5121\/ijaia.2015.6102"},{"key":"20_CR11","unstructured":"Edelman: Trust barometer 2018 - UK findings (2018). \n                      https:\/\/www.edelman.co.uk\/magazine\/posts\/edelman-trust-barometer-2018\/"},{"key":"20_CR12","unstructured":"ENISA: Cyber security information sharing: an overview of regulatory and non-regulatory approaches (2015). \n                      https:\/\/www.enisa.europa.eu\/"},{"key":"20_CR13","unstructured":"Finnerty, K., et al.: Cyber security breaches survey 2018 (2018). \n                      https:\/\/www.gov.uk\/government\/statistics\/cyber-security-breaches-survey-2018"},{"key":"20_CR14","unstructured":"Food Standards Agency - FHRS: Food hygiene rating scheme (2019). \n                      https:\/\/www.food.gov.uk\/safety-hygiene\/food-hygiene-rating-scheme"},{"key":"20_CR15","unstructured":"Gov.uk: Innovate UK widens the appeal of \u00a35,000 vouchers for small firms to seek expert advice (2014). \n                      https:\/\/www.gov.uk\/government\/news\/innovation-vouchers-for-all"},{"issue":"2","key":"20_CR16","doi-asserted-by":"publisher","first-page":"69","DOI":"10.23919\/SAIEE.2013.8531867","volume":"104","author":"T Gundu","year":"2013","unstructured":"Gundu, T., Flowerday, S.: Ignorance to awareness: towards an information security awareness process. SAIEE Afr. Res. J. 104(2), 69\u201379 (2013)","journal-title":"SAIEE Afr. Res. J."},{"key":"20_CR17","unstructured":"Matt Hancock\u2019s cyber security speech at the institute of directors conference, March 2017. \n                      https:\/\/www.gov.uk\/government\/speeches\/matt-hancocks-cyber-security-speech-at-the-institute-of-directors-conference"},{"issue":"3","key":"20_CR18","doi-asserted-by":"publisher","first-page":"303","DOI":"10.30958\/ajbe.2-3-5","volume":"2","author":"R Henson","year":"2016","unstructured":"Henson, R., Garfield, J.: What attitude changes are needed to cause smes to take a strategic approach to information security? Athens J. Bus. Econ. 2(3), 303\u2013318 (2016)","journal-title":"Athens J. Bus. Econ."},{"key":"20_CR19","unstructured":"Henson, R., Garfield, J.: SMEs attitudes to \u201cinformation assurance\u201d and consequences for the digital single market. In: Athens: ATINER\u2019S Conference Paper Series, No: SME2016-2278, pp. 1\u201319. Athens Institute for Education and Research (2017)"},{"key":"20_CR20","unstructured":"ICO: Guide to the general data protection regulation (GDPR), April 2019. \n                      https:\/\/ico.org.uk\/for-organisations\/guide-to-data-protection\/guide-to-the-general-data-protection-regulation-gdpr\/"},{"key":"20_CR21","unstructured":"ISO: ISO\/IEC 27000 family, April 2019. \n                      https:\/\/www.iso.org\/isoiec-27001-information-security.html"},{"key":"20_CR22","doi-asserted-by":"publisher","first-page":"75","DOI":"10.1016\/j.chb.2016.09.012","volume":"66","author":"M Junger","year":"2017","unstructured":"Junger, M., Montoya, L., Overink, F.J.: Priming and warnings are not effective to prevent social engineering attacks. Comput. Hum. Behav. 66, 75\u201387 (2017)","journal-title":"Comput. Hum. Behav."},{"issue":"3","key":"20_CR23","doi-asserted-by":"publisher","first-page":"269","DOI":"10.1080\/10919392.2018.1484598","volume":"28","author":"S Kabanda","year":"2018","unstructured":"Kabanda, S., Tanner, M., Kent, C.: Exploring sme cybersecurity practices in developing countries. J. Organ. Comput. Electron. Commer. 28(3), 269\u2013282 (2018)","journal-title":"J. Organ. Comput. Electron. Commer."},{"issue":"3","key":"20_CR24","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1016\/S1361-3723(15)30017-8","volume":"2015","author":"T Kurpjuhn","year":"2015","unstructured":"Kurpjuhn, T.: The SME security challenge. Comput. Fraud Secur. 2015(3), 5\u20137 (2015)","journal-title":"Comput. Fraud Secur."},{"key":"20_CR25","doi-asserted-by":"publisher","DOI":"10.4324\/9781315588537","volume-title":"Information Security and Employee Behaviour: How to Reduce Risk Through Employee Education, Training and Awareness","author":"A McIlwraith","year":"2016","unstructured":"McIlwraith, A.: Information Security and Employee Behaviour: How to Reduce Risk Through Employee Education, Training and Awareness. Routledge, New York (2016)"},{"key":"20_CR26","unstructured":"NCSC (National Cyber Security Centre): Cyber essentials: the SME spend target must go on, April 2019. \n                      https:\/\/www.cyberessentials.ncsc.gov.uk\/"},{"key":"20_CR27","doi-asserted-by":"publisher","first-page":"27","DOI":"10.1016\/j.cose.2017.05.001","volume":"70","author":"E Osborn","year":"2017","unstructured":"Osborn, E., Simpson, A.: On small-scale IT users\u2019 system architectures and cyber security: a UK case study. Comput. Secur. 70, 27\u201350 (2017)","journal-title":"Comput. Secur."},{"key":"20_CR28","doi-asserted-by":"publisher","first-page":"198","DOI":"10.1016\/j.cose.2018.06.006","volume":"78","author":"K Renaud","year":"2018","unstructured":"Renaud, K., et al.: Is the responsibilization of the cyber security risk reasonable and judicious? Comput. Secur. 78, 198\u2013211 (2018)","journal-title":"Comput. Secur."},{"issue":"7","key":"20_CR29","first-page":"2017","volume":"3","author":"D Risti\u0107","year":"2013","unstructured":"Risti\u0107, D.: A tool for risk assessment. Saf. Eng. 3(7), 2017 (2013)","journal-title":"Saf. Eng."},{"key":"20_CR30","doi-asserted-by":"publisher","first-page":"70","DOI":"10.1016\/j.cose.2015.10.006","volume":"56","author":"NS Safa","year":"2016","unstructured":"Safa, N.S., Von Solms, R., Furnell, S.: Information security policy compliance model in organizations. Comput. Secur. 56, 70\u201382 (2016)","journal-title":"Comput. Secur."},{"key":"20_CR31","unstructured":"Shuttle, M.: Project risk manager: risk matrix sizing: does size really matter? (2017). \n                      https:\/\/www.project-risk-manager.com\/blog\/risk-matrix-sizing\/"},{"key":"20_CR32","unstructured":"Statista: U.K. businesses\u2019 awareness of ISO 27001 in 2017 (2017). \n                      https:\/\/www.statista.com\/statistics\/586556\/iso-27001-awareness-by-united-kingdom-uk-businesses\/"},{"key":"20_CR33","unstructured":"Statista: U.K. businesses\u2019 that are aware of the cyber essentials scheme in 2018 (2018). \n                      https:\/\/www.statista.com\/statistics\/586565\/cyber-essentials-scheme-awareness-by-united-kingdom-uk-businesses\/"},{"key":"20_CR34","unstructured":"Topping, C.: The role of awareness in adoption of government cyber security initiatives: a study of SMEs in the UK (2017)"},{"issue":"1","key":"20_CR35","doi-asserted-by":"publisher","first-page":"38","DOI":"10.1057\/ejis.2013.27","volume":"24","author":"A Tsohou","year":"2015","unstructured":"Tsohou, A., Karyda, M., Kokolakis, S., Kiountouzis, E.: Managing the introduction of information security awareness programmes in organisations. Eur. J. Inf. Syst. 24(1), 38\u201358 (2015)","journal-title":"Eur. J. Inf. Syst."}],"container-title":["Lecture Notes in Computer Science","Information Security Practice and Experience"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-34339-2_20","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,11,18]],"date-time":"2019-11-18T19:22:17Z","timestamp":1574104937000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-34339-2_20"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030343385","9783030343392"],"references-count":35,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-34339-2_20","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"6 November 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ISPEC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information Security Practice and Experience","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Kuala Lumpur","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Malaysia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26 November 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28 November 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ispec2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/ccs.research.utar.edu.my\/ispec2019\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"68","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"21","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"7","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"31% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3.5","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3.5","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}