{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,13]],"date-time":"2026-04-13T17:48:31Z","timestamp":1776102511797,"version":"3.50.1"},"reference-count":133,"publisher":"Springer Science and Business Media LLC","issue":"6","license":[{"start":{"date-parts":[[2019,11,9]],"date-time":"2019-11-09T00:00:00Z","timestamp":1573257600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2019,11,9]],"date-time":"2019-11-09T00:00:00Z","timestamp":1573257600000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Inf Syst Front"],"published-print":{"date-parts":[[2019,12]]},"DOI":"10.1007\/s10796-019-09959-1","type":"journal-article","created":{"date-parts":[[2019,11,9]],"date-time":"2019-11-09T06:03:20Z","timestamp":1573279400000},"page":"1285-1305","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":87,"title":["Investigating the Security Divide between SME and Large Companies: How SME Characteristics Influence Organizational IT Security Investments"],"prefix":"10.1007","volume":"21","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-6375-290X","authenticated-orcid":false,"given":"Margareta","family":"Heidt","sequence":"first","affiliation":[]},{"given":"Jin P.","family":"Gerlach","sequence":"additional","affiliation":[]},{"given":"Peter","family":"Buxmann","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,11,9]]},"reference":[{"issue":"3","key":"9959_CR1","doi-asserted-by":"crossref","first-page":"437","DOI":"10.1111\/j.0347-0520.2004.00371.x","volume":"106","author":"J Agell","year":"2004","unstructured":"Agell, J. (2004). Why are small firms different? Managers\u2019 views. Scandinavian Journal of Economics, 106(3), 437\u2013453.","journal-title":"Scandinavian Journal of Economics"},{"key":"9959_CR2","unstructured":"AIS (2016). Senior Scholars' Basket of Journals. Association for Information Systems (AIS). \nhttps:\/\/aisnet.org\/?SeniorScholarBasket\n\n. Accessed 20 January 2019."},{"issue":"2","key":"9959_CR3","doi-asserted-by":"crossref","first-page":"179","DOI":"10.1016\/0749-5978(91)90020-T","volume":"50","author":"I Ajzen","year":"1991","unstructured":"Ajzen, I. (1991). The theory of planned behavior. Organizational Behavior and Human Decision Processes, 50(2), 179\u2013211.","journal-title":"Organizational Behavior and Human Decision Processes"},{"issue":"4","key":"9959_CR4","doi-asserted-by":"crossref","first-page":"276","DOI":"10.1016\/j.cose.2006.11.004","volume":"26","author":"E Albrechtsen","year":"2007","unstructured":"Albrechtsen, E. (2007). A qualitative study of Users' view on information security. Computers & Security, 26(4), 276\u2013289.","journal-title":"Computers & Security"},{"issue":"2","key":"9959_CR5","first-page":"247","volume":"36","author":"M Alvesson","year":"2011","unstructured":"Alvesson, M., & Sandberg, J. (2011). Generating research questions through Problematization. Academy of Management Review, 36(2), 247\u2013271.","journal-title":"Academy of Management Review"},{"issue":"3","key":"9959_CR6","doi-asserted-by":"crossref","first-page":"893","DOI":"10.25300\/MISQ\/2017\/41.3.10","volume":"41","author":"CM Angst","year":"2017","unstructured":"Angst, C. M., Block, E. S., D'Arcy, J., & Kelley, K. (2017). When do IT security investments matter? Accounting for the influence of institutional factors in the context of healthcare data breaches. MIS Quarterly, 41(3), 893\u2013916.","journal-title":"MIS Quarterly"},{"issue":"2","key":"9959_CR7","doi-asserted-by":"crossref","first-page":"93","DOI":"10.1108\/13287260810897738","volume":"10","author":"L Arendt","year":"2008","unstructured":"Arendt, L. (2008). Barriers to ICT adoption in SMEs: How to bridge the digital divide? Journal of Systems and Information Technology, 10(2), 93\u2013108.","journal-title":"Journal of Systems and Information Technology"},{"key":"9959_CR8","unstructured":"Auerbach, C., & Silverstein, L. B. (2003). Qualitative Data: An Introduction to Coding and Analysis. New York University Press."},{"issue":"4","key":"9959_CR9","doi-asserted-by":"crossref","first-page":"241","DOI":"10.1057\/palgrave.ejis.3000307","volume":"7","author":"J Ballantine","year":"1998","unstructured":"Ballantine, J., Levy, M., & Powell, P. (1998). Evaluating information Systems in Small and Medium-sized Enterprises: Issues and evidence. European Journal of Information Systems, 7(4), 241\u2013251.","journal-title":"European Journal of Information Systems"},{"key":"9959_CR10","unstructured":"Barrett, B. (2019). Hack Brief: An Astonishing 773 Million Records Exposed in Monster Breach. \nhttps:\/\/www.wired.com\/story\/collection-one-breach-email-accounts-passwords\/\n\n. Accessed 20 January 2019."},{"key":"9959_CR11","doi-asserted-by":"crossref","first-page":"9","DOI":"10.1016\/j.cose.2016.02.007","volume":"59","author":"KA Barton","year":"2016","unstructured":"Barton, K. A., Tejay, G., Lane, M., & Terrell, S. (2016). Information system security commitment: A study of external influences on senior management. Computers & Security, 59, 9\u201325.","journal-title":"Computers & Security"},{"issue":"2","key":"9959_CR12","doi-asserted-by":"crossref","first-page":"121","DOI":"10.1057\/ejis.1991.20","volume":"1","author":"R Baskerville","year":"1991","unstructured":"Baskerville, R. (1991). Risk analysis: An interpretative feasibility tool in justifying information systems security. European Journal of Information Systems, 1(2), 121\u2013130.","journal-title":"European Journal of Information Systems"},{"issue":"4","key":"9959_CR13","doi-asserted-by":"crossref","first-page":"159","DOI":"10.1080\/07421222.2001.11045660","volume":"17","author":"G Bassellier","year":"2001","unstructured":"Bassellier, G., Reich, B. H., & Benbasat, I. (2001). Information technology competence of business managers: A definition and research model. Journal of Management Information Systems, 17(4), 159\u2013182.","journal-title":"Journal of Management Information Systems"},{"key":"9959_CR14","first-page":"385","volume-title":"Handbook of mixed methods in Social & Behavioral Research","author":"P Bazeley","year":"2003","unstructured":"Bazeley, P. (2003). Computerized data analysis for mixed methods research. In A. Tashakkori & C. Teddlie (Eds.), Handbook of mixed methods in Social & Behavioral Research (pp. 385\u2013422). Thousand Oaks: Sage."},{"issue":"11","key":"9959_CR15","doi-asserted-by":"crossref","first-page":"2931","DOI":"10.1016\/j.jbankfin.2006.05.009","volume":"30","author":"T Beck","year":"2006","unstructured":"Beck, T., & Demirguc-Kunt, A. (2006). Small and medium-size enterprises: Access to finance as a growth constraint. Journal of Banking & Finance, 30(11), 2931\u20132943.","journal-title":"Journal of Banking & Finance"},{"issue":"3","key":"9959_CR16","doi-asserted-by":"crossref","first-page":"369","DOI":"10.2307\/248684","volume":"11","author":"I Benbasat","year":"1987","unstructured":"Benbasat, I., Goldstein, D. K., & Mead, M. (1987). The case research strategy in studies of information systems. MIS Quarterly, 11(3), 369\u2013386.","journal-title":"MIS Quarterly"},{"issue":"1","key":"9959_CR17","doi-asserted-by":"crossref","first-page":"3","DOI":"10.2307\/249403","volume":"23","author":"I Benbasat","year":"1999","unstructured":"Benbasat, I., & Zmud, R. W. (1999). Empirical research in information systems: The practice of relevance. MIS Quarterly, 23(1), 3\u201316.","journal-title":"MIS Quarterly"},{"issue":"4","key":"9959_CR18","doi-asserted-by":"crossref","first-page":"471","DOI":"10.1093\/cje\/28.4.471","volume":"28","author":"R Bennett","year":"2004","unstructured":"Bennett, R., & Robson, P. J. A. (2004). The role of trust and contract in the supply of business advice. Cambridge Journal of Economics, 28(4), 471\u2013489.","journal-title":"Cambridge Journal of Economics"},{"key":"9959_CR19","unstructured":"Bharati, P., & Chaudhury, A. (2009). SMEs and Competitiveness: The Role of Information Systems. Management Science and Information Systems Faculty Publication Series, 15, i-ix."},{"issue":"2","key":"9959_CR20","doi-asserted-by":"crossref","first-page":"82","DOI":"10.1177\/030630708200800206","volume":"8","author":"S Birley","year":"1982","unstructured":"Birley, S. (1982). Corporate strategy and the small firm. Journal of General Management, 8(2), 82\u201386.","journal-title":"Journal of General Management"},{"key":"9959_CR21","volume-title":"Qualitative research for education: An introduction to theories and methods","author":"RC Bogdan","year":"2007","unstructured":"Bogdan, R. C., & Biklen, S. K. (2007). Qualitative research for education: An introduction to theories and methods (Vol. 5). Boston: Pearson Education."},{"key":"9959_CR22","unstructured":"Boyes, J., & Irani, Z (2003). Barriers and Problems Affecting Web Infrastructure Development: The Experiences of a UK Small Manufacturing Business. In Proceedings of the 9th Americas Conference on Information Systems, USA."},{"issue":"1","key":"9959_CR23","first-page":"1","volume":"16","author":"A Bradshaw","year":"2013","unstructured":"Bradshaw, A., Cragg, P., & Pulakanam, V. (2013). Do IS consultants enhance IS competences in SMEs? Electronic Journal of Information Systems Evaluation, 16(1), 1\u201323.","journal-title":"Electronic Journal of Information Systems Evaluation"},{"issue":"1","key":"9959_CR24","doi-asserted-by":"crossref","first-page":"67","DOI":"10.1023\/A:1007912100301","volume":"9","author":"PJ Buckley","year":"1997","unstructured":"Buckley, P. J. (1997). International technology transfer by small and medium-sized enterprises. Small Business Economics, 9(1), 67\u201378.","journal-title":"Small Business Economics"},{"key":"9959_CR25","unstructured":"Business Week (1990). Is Research in the Ivory Tower 'Fuzzy, Irrelevant, Pretentious?, pp. 62\u201366."},{"issue":"2","key":"9959_CR26","doi-asserted-by":"crossref","first-page":"127","DOI":"10.1057\/palgrave.ejis.3000454","volume":"12","author":"MM Caldeira","year":"2003","unstructured":"Caldeira, M. M., & Ward, J. M. (2003). Using resource-based theory to interpret the successful adoption and use of information systems and Technology in Manufacturing Small and Medium-sized Enterprises. European Journal of Information Systems, 12(2), 127\u2013141.","journal-title":"European Journal of Information Systems"},{"issue":"2","key":"9959_CR27","doi-asserted-by":"crossref","first-page":"309","DOI":"10.1093\/rof\/rfp003","volume":"13","author":"S Carbo-Valverde","year":"2007","unstructured":"Carbo-Valverde, S., Rodriguez-Fernandez, F., & Udell, G. F. (2007). Bank market power and SME financing constraints. Review of Finance, 13(2), 309\u2013340.","journal-title":"Review of Finance"},{"issue":"1","key":"9959_CR28","doi-asserted-by":"crossref","first-page":"123","DOI":"10.2308\/aud.2004.23.1.123","volume":"23","author":"JR Casterella","year":"2004","unstructured":"Casterella, J. R., Francis, J. R., Lewis, B. L., & Walker, P. L. (2004). Auditor industry specialization, client bargaining power, and audit pricing. Auditing: A Journal of Practice & Theory, 23(1), 123\u2013140.","journal-title":"Auditing: A Journal of Practice & Theory"},{"issue":"2","key":"9959_CR29","doi-asserted-by":"crossref","first-page":"281","DOI":"10.2753\/MIS0742-1222250211","volume":"25","author":"H Cavusoglu","year":"2008","unstructured":"Cavusoglu, H., Raghunathan, S., & Yue, W. T. (2008). Decision-theoretic and game-theoretic approaches to IT security investment. Journal of Management Information Systems, 25(2), 281\u2013304.","journal-title":"Journal of Management Information Systems"},{"issue":"4","key":"9959_CR30","doi-asserted-by":"crossref","first-page":"579","DOI":"10.1007\/s10796-010-9232-6","volume":"13","author":"KC Chang","year":"2011","unstructured":"Chang, K. C., & Wang, C. P. (2011). Information systems resources and information security. Information Systems Frontiers, 13(4), 579\u2013593.","journal-title":"Information Systems Frontiers"},{"key":"9959_CR31","volume-title":"The entrepreneurial personality. Concepts, cases, and categories (Vol. 1, Routledge small business series)","author":"E Chell","year":"1991","unstructured":"Chell, E., Haworth, J. M., & Brearley, S. A. (1991). The entrepreneurial personality. Concepts, cases, and categories (Vol. 1, Routledge small business series). London: Routledge."},{"key":"9959_CR32","unstructured":"Chen, H., Lee, M., & Wilson, N. (2007). Resource Constraints Related to Emerging Integration Technologies Adoption: The Case of Small and Medium-Sized Enterprises. In Proceedings of the 13th Americas Conference on Information Systems, Keystone, Colorado."},{"issue":"2","key":"9959_CR33","doi-asserted-by":"crossref","first-page":"397","DOI":"10.2307\/23044049","volume":"35","author":"P Chen","year":"2011","unstructured":"Chen, P., Kataria, G., & Krishnan, R. (2011). Correlated failures, diversification, and information security risk management. MIS Quarterly, 35(2), 397\u2013A393.","journal-title":"MIS Quarterly"},{"key":"9959_CR34","unstructured":"Cisco (2018). Small and Mighty - How Small and Midmarket Businesses Can Fortify Their Defenses Against Today\u2019s Threats. \nhttps:\/\/www.cisco.com\/c\/dam\/en\/us\/products\/collateral\/security\/small-mighty-threat.pdf\n\n. Accessed 20 February."},{"key":"9959_CR35","unstructured":"Coden, M., Madnick, S., Pentland, A., & Yousuf, S. (2016). How to Prepare for the Cyberattack that is Coming to your Company. \nhttps:\/\/www.cio.com\/article\/3185725\/security\/9-biggest-information-security-threats-through-2019.html\n\n. Accessed 20 February 2019."},{"issue":"1","key":"9959_CR36","first-page":"104","volume":"1","author":"HM Cooper","year":"1988","unstructured":"Cooper, H. M. (1988). Organizing knowledge syntheses: A taxonomy of literature reviews. Knowledge in Society, 1(1), 104\u2013126.","journal-title":"Knowledge in Society"},{"issue":"8","key":"9959_CR37","doi-asserted-by":"crossref","first-page":"353","DOI":"10.1016\/j.im.2011.08.003","volume":"48","author":"P Cragg","year":"2011","unstructured":"Cragg, P., Caldeira, M., & Ward, J. (2011). Organizational information systems competences in small and medium-sized enterprises. Information & Management, 48(8), 353\u2013363.","journal-title":"Information & Management"},{"issue":"4","key":"9959_CR38","doi-asserted-by":"crossref","first-page":"617","DOI":"10.1111\/jsbm.12001","volume":"51","author":"P Cragg","year":"2013","unstructured":"Cragg, P., Mills, A., & Suraweera, T. (2013). The influence of IT management sophistication and IT support on IT success in small and medium-sized enterprises. Journal of Small Business Management, 51(4), 617\u2013636.","journal-title":"Journal of Small Business Management"},{"key":"9959_CR39","volume-title":"Qualitative inquiry and research design: Choosing among five traditions","author":"JW Creswell","year":"1998","unstructured":"Creswell, J. W. (1998). Qualitative inquiry and research design: Choosing among five traditions. London: Sage."},{"issue":"2","key":"9959_CR40","doi-asserted-by":"crossref","first-page":"127","DOI":"10.1046\/j.1365-2575.2001.00099.x","volume":"11","author":"G Dhillon","year":"2001","unstructured":"Dhillon, G., & Backhouse, J. (2001). Current directions in IS security research. Towards socio-organizational perspectives. Information Systems Journal, 11(2), 127\u2013153.","journal-title":"Information Systems Journal"},{"issue":"3","key":"9959_CR41","doi-asserted-by":"crossref","first-page":"293","DOI":"10.1111\/j.1365-2575.2006.00219.x","volume":"16","author":"G Dhillon","year":"2006","unstructured":"Dhillon, G., & Torkzadeh, G. (2006). Value-focused assessment of information system security in organizations. Information Systems Journal, 16(3), 293\u2013314.","journal-title":"Information Systems Journal"},{"issue":"4","key":"9959_CR42","doi-asserted-by":"crossref","first-page":"311","DOI":"10.1023\/B:SBEJ.0000032036.90353.1f","volume":"23","author":"RR Dholakia","year":"2004","unstructured":"Dholakia, R. R., & Kshetri, N. (2004). Factors impacting the adoption of the internet among SMEs. Small Business Economics, 23(4), 311\u2013322.","journal-title":"Small Business Economics"},{"key":"9959_CR43","unstructured":"Dojkovski, S., Lichtenstein, S., & Warren, M. J. (2007). Fostering Information Security Culture in Small and Medium Size Enterprises: An Interpretive Study in Australia. In Proceedings of the 15th European Conference on Information Systems, St Gallen, Switzerland."},{"issue":"1","key":"9959_CR44","doi-asserted-by":"crossref","first-page":"93","DOI":"10.1007\/s10257-017-0342-2","volume":"16","author":"A Drechsler","year":"2018","unstructured":"Drechsler, A., & Wei\u00dfsch\u00e4del, S. (2018). An IT strategy development framework for small and medium enterprises. Information Systems and e-Business Management, 16(1), 93\u2013124.","journal-title":"Information Systems and e-Business Management"},{"issue":"3","key":"9959_CR45","doi-asserted-by":"crossref","first-page":"239","DOI":"10.1016\/S0263-2373(99)00003-1","volume":"17","author":"S Dutta","year":"1999","unstructured":"Dutta, S., & Evrard, P. (1999). Information technology and organisation within European small enterprises. European Management Journal, 17(3), 239\u2013251.","journal-title":"European Management Journal"},{"key":"9959_CR46","unstructured":"Dwivedi, Y. K., Rana, N. P., Jeyaraj, A., Clement, M., & Williams, M. D. (2017). Re-examining the Unified Theory of Acceptance and Use of Technology (UTAUT): Towards a Revised Theoretical Model. Information Systems Frontiers, 1\u201316."},{"key":"9959_CR47","unstructured":"European Commission (2003). Commission Recommendation of 6 May 2003 Concerning the Definition of Micro, Small and Medium-sized Enterprises (Notified under Document Number C(2003) 1422). In European Commission (Ed.): Official Journal of the European Union 46 (L 124)."},{"key":"9959_CR48","unstructured":"Eurostat (2015). Statistics on Small and Medium-sized Enterprises - Dependent and Independent SMEs and Large Enterprises. \nhttp:\/\/ec.europa.eu\/eurostat\/statistics-explained\/index.php\/Statistics_on_small_and_medium-sized_enterprises\n\n. Accessed 03 March 2018."},{"key":"9959_CR49","unstructured":"Feeny, D. F., & Willcocks, L. P. (1998). Core IS Capabilities for Exploiting Information Technology. Sloan Management Review (9\u201321)."},{"issue":"3","key":"9959_CR50","doi-asserted-by":"crossref","first-page":"13","DOI":"10.1016\/j.dss.2016.02.012","volume":"86","author":"A Fielder","year":"2016","unstructured":"Fielder, A., Panaousis, E., Malacaria, P., Hankin, C., & Smeraldi, F. (2016). Decision support approaches for cyber security investment. Decision Support Systems, 86(3), 13\u201323.","journal-title":"Decision Support Systems"},{"issue":"1","key":"9959_CR51","doi-asserted-by":"crossref","first-page":"129","DOI":"10.1111\/j.1541-0072.1998.tb01929.x","volume":"26","author":"F Fischer","year":"1998","unstructured":"Fischer, F. (1998). Beyond empiricism: Policy inquiry in post positivist perspective. Policy Studies Journal, 26(1), 129\u2013146.","journal-title":"Policy Studies Journal"},{"key":"9959_CR52","volume-title":"Belief, attitude, intention and behavior: An introduction to theory and research","author":"M Fishbein","year":"1975","unstructured":"Fishbein, M., & Ajzen, I. (1975). Belief, attitude, intention and behavior: An introduction to theory and research. Reading: Addison-Wesley."},{"key":"9959_CR53","volume-title":"Handbook of qualitative research","author":"A Fontana","year":"2000","unstructured":"Fontana, A., & Frey, J. H. (2000). The interview: From structured questions to negotiated text. In N. K. Denzin & Y. S. Lincoln (Eds.), Handbook of qualitative research (Vol. 2). Thousand Oaks: Sage."},{"issue":"2","key":"9959_CR54","doi-asserted-by":"crossref","first-page":"186","DOI":"10.1287\/isre.1050.0053","volume":"16","author":"E Gal-Or","year":"2005","unstructured":"Gal-Or, E., & Ghose, A. (2005). The economic incentives for sharing security information. Information Systems Research, 16(2), 186\u2013208.","journal-title":"Information Systems Research"},{"key":"9959_CR55","volume-title":"The presentation of self in everyday life","author":"E Goffman","year":"1959","unstructured":"Goffman, E. (1959). The presentation of self in everyday life. London: Penguin."},{"issue":"1","key":"9959_CR56","doi-asserted-by":"crossref","first-page":"13","DOI":"10.1016\/0378-7206(91)90024-V","volume":"20","author":"DL Goodhue","year":"1991","unstructured":"Goodhue, D. L., & Straub, D. W. (1991). Security concerns of system users: A study of perceptions of the adequacy of security. Information & Management, 20(1), 13\u201327.","journal-title":"Information & Management"},{"issue":"3","key":"9959_CR57","doi-asserted-by":"crossref","first-page":"567","DOI":"10.2307\/25750692","volume":"34","author":"LA Gordon","year":"2010","unstructured":"Gordon, L. A., Loeb, M. P., & Sohail, T. (2010). Market value of involuntary disclosures concerning information security. MIS Quarterly, 34(3), 567\u2013594.","journal-title":"MIS Quarterly"},{"key":"9959_CR58","unstructured":"Greenberg, A. (2018). The Untold Story of NotPetya, the Most Devastating Cyberattack in History."},{"key":"9959_CR59","volume-title":"Business research methods","author":"S Greener","year":"2008","unstructured":"Greener, S. (2008). Business research methods. London: Ventus Publishing ApS."},{"issue":"3","key":"9959_CR60","doi-asserted-by":"crossref","first-page":"611","DOI":"10.2307\/25148742","volume":"30","author":"S Gregor","year":"2006","unstructured":"Gregor, S. (2006). The nature of theory in information systems. MIS Quarterly, 30(3), 611\u2013642.","journal-title":"MIS Quarterly"},{"issue":"3","key":"9959_CR61","doi-asserted-by":"crossref","first-page":"337","DOI":"10.2753\/MIS0742-1222250310","volume":"25","author":"HSB Herath","year":"2008","unstructured":"Herath, H. S. B., & Herath, T. C. (2008). Investments in Information Security: A real options perspective with Bayesian Postaudit. Journal of Management Information Systems, 25(3), 337\u2013375.","journal-title":"Journal of Management Information Systems"},{"key":"9959_CR62","first-page":"209","volume-title":"A companion to qualitative research","author":"H Hermanns","year":"2004","unstructured":"Hermanns, H. (2004). Interviewing as an activity. In U. Flick, E. von Kardoff, & I. Steinke (Eds.), A companion to qualitative research (pp. 209\u2013213). London: Sage."},{"issue":"4","key":"9959_CR63","doi-asserted-by":"crossref","first-page":"78","DOI":"10.1177\/0266242601194005","volume":"19","author":"C Howorth","year":"2001","unstructured":"Howorth, C. (2001). Small firms demand for finance: A research note. International Small Business Journal, 19(4), 78\u201386.","journal-title":"International Small Business Journal"},{"issue":"2","key":"9959_CR64","doi-asserted-by":"crossref","first-page":"140","DOI":"10.1057\/ejis.2009.7","volume":"18","author":"CW Hsu","year":"2009","unstructured":"Hsu, C. W. (2009). Frame misalignment. Interpreting the implementation of information systems security certification in an organization. European Journal of Information Systems, 18(2), 140\u2013150.","journal-title":"European Journal of Information Systems"},{"issue":"3","key":"9959_CR65","doi-asserted-by":"crossref","first-page":"918","DOI":"10.1287\/isre.1110.0393","volume":"23","author":"CW Hsu","year":"2012","unstructured":"Hsu, C. W., Lee, J. N., & Straub, D. W. (2012). Institutional influences on information systems security innovations. Information Systems Research, 23(3), 918\u2013939.","journal-title":"Information Systems Research"},{"issue":"2","key":"9959_CR66","doi-asserted-by":"crossref","first-page":"153","DOI":"10.1016\/j.jsis.2007.05.004","volume":"16","author":"Q Hu","year":"2007","unstructured":"Hu, Q., Hart, P., & Cooke, D. (2007). The role of external and internal influences on information systems security \u2013 A neo-institutional perspective. Journal of Strategic Information Systems, 16(2), 153\u2013172.","journal-title":"Journal of Strategic Information Systems"},{"issue":"3","key":"9959_CR67","doi-asserted-by":"crossref","first-page":"117","DOI":"10.2753\/MIS0742-1222290304","volume":"29","author":"KL Hui","year":"2012","unstructured":"Hui, K. L., Hui, W., & Yue, W. T. (2012). Information security outsourcing with system interdependency and mandatory security requirement. Journal of Management Information Systems, 29(3), 117\u2013156.","journal-title":"Journal of Management Information Systems"},{"key":"9959_CR68","doi-asserted-by":"crossref","unstructured":"Kam, H. J., Mattson, T., & Goel, S. (2019). A Cross Industry Study of Institutional Pressures on Organizational Effort to Raise Information Security Awareness. Information Systems Frontiers, 1\u201324.","DOI":"10.1007\/s10796-019-09927-9"},{"key":"9959_CR69","volume-title":"Qualitative research methods for evaluating computer information systems","author":"B Kaplan","year":"1994","unstructured":"Kaplan, B., & Maxwell, J. A. (1994). Evaluating health care information systems: Methods and applications. In J. G. Anderson, C. E. Ayden, & S. J. Jay (Eds.), Qualitative research methods for evaluating computer information systems. Thousand Oaks: Sage."},{"key":"9959_CR70","unstructured":"Kaspersky (2017). New Threats, New Mindset: Being Risk Ready in a World of Complex Attacks. How to Address Incident Response Challenges. \nhttps:\/\/www.kaspersky.com\/blog\/incident-response-report\/\n\n. Accessed 12 March 2018."},{"issue":"2","key":"9959_CR71","doi-asserted-by":"crossref","first-page":"7","DOI":"10.1201\/1078\/45099.22.2.20050301\/87273.2","volume":"22","author":"S Keller","year":"2005","unstructured":"Keller, S., Powell, A., Horstmann, B., Predmore, C., & Crawford, M. (2005). Information security threats and practices in small businesses. Information Systems Management, 22(2), 7\u201319.","journal-title":"Information Systems Management"},{"issue":"2","key":"9959_CR72","doi-asserted-by":"crossref","first-page":"241","DOI":"10.2753\/MIS0742-1222250210","volume":"25","author":"RL Kumar","year":"2008","unstructured":"Kumar, R. L., Park, S., & Subramaniam, C. (2008). Understanding the value of countermeasure portfolios in information systems security. Journal of Management Information Systems, 25(2), 241\u2013279.","journal-title":"Journal of Management Information Systems"},{"issue":"2","key":"9959_CR73","doi-asserted-by":"crossref","first-page":"457","DOI":"10.25300\/MISQ\/2014\/38.2.06","volume":"38","author":"J Kwon","year":"2014","unstructured":"Kwon, J., & Johnson, M. E. (2014). Proactive versus reactive security Investments in the Healthcare Sector. MIS Quarterly, 38(2), 457\u2013471.","journal-title":"MIS Quarterly"},{"issue":"2","key":"9959_CR74","doi-asserted-by":"crossref","first-page":"295","DOI":"10.1287\/isre.1120.0447","volume":"24","author":"CH Lee","year":"2013","unstructured":"Lee, C. H., Geng, X., & Raghunathan, S. (2013). Contracting information security in the presence of double moral Hazard. Information Systems Research, 24(2), 295\u2013311.","journal-title":"Information Systems Research"},{"issue":"2","key":"9959_CR75","doi-asserted-by":"crossref","first-page":"177","DOI":"10.1057\/ejis.2009.11","volume":"18","author":"Y Lee","year":"2009","unstructured":"Lee, Y., & Larsen, K. R. (2009). Threat or coping appraisal: Determinants of SMB Executives' decision to adopt anti-malware software. European Journal of Information Systems, 18(2), 177\u2013187.","journal-title":"European Journal of Information Systems"},{"issue":"4","key":"9959_CR76","doi-asserted-by":"crossref","first-page":"993","DOI":"10.25300\/MISQ\/2013\/37.4.01","volume":"37","author":"PB Lowry","year":"2013","unstructured":"Lowry, P. B., Moody, G. D., Gaskin, J., Galletta, D. F., Humphreys, S. L., Barlow, J. B., et al. (2013). Evaluation journal quality and the Association for Information Systems Senior Scholars' journal basket via bibliometric measures: Do expert journal assessments add value? MIS Quarterly, 37(4), 993\u20131012.","journal-title":"MIS Quarterly"},{"issue":"1","key":"9959_CR77","first-page":"27","volume":"7","author":"RC MacGregor","year":"2003","unstructured":"MacGregor, R. C. (2003). Strategic Alliance and perceived barriers to electronic commerce adoption in SMEs. Journal of Systems and Information Technology, 7(1), 27\u201347.","journal-title":"Journal of Systems and Information Technology"},{"issue":"4","key":"9959_CR78","doi-asserted-by":"crossref","first-page":"510","DOI":"10.1108\/14626000510628199","volume":"12","author":"RC MacGregor","year":"2005","unstructured":"MacGregor, R. C., & Vrazalic, L. (2005). A basic model of electronic commerce adoption barriers: A study of regional small businesses in Sweden and Australia. Journal of Small Business and Enterprise Development, 12(4), 510\u2013527.","journal-title":"Journal of Small Business and Enterprise Development"},{"issue":"1","key":"9959_CR79","doi-asserted-by":"crossref","first-page":"11","DOI":"10.1080\/08874417.2013.11645667","volume":"54","author":"B Marshall","year":"2013","unstructured":"Marshall, B., Cardon, P., Poddar, A., & Fontenot, R. (2013). Does sample size matter in qualitative research? A review of qualitative interviews in IS research. Journal of Computer Information Systems, 54(1), 11\u201322.","journal-title":"Journal of Computer Information Systems"},{"key":"9959_CR80","doi-asserted-by":"crossref","first-page":"519","DOI":"10.1016\/j.ijpe.2016.09.018","volume":"182","author":"S Mayadunne","year":"2016","unstructured":"Mayadunne, S., & Park, S. (2016). An economic model to evaluate information security Investment of Risk-taking Small and Medium Enterprises. International Journal of Production Economics, 182, 519\u2013530.","journal-title":"International Journal of Production Economics"},{"issue":"2","key":"9959_CR81","doi-asserted-by":"crossref","first-page":"283","DOI":"10.2307\/25148636","volume":"28","author":"N Melville","year":"2004","unstructured":"Melville, N., Kraemer, K., & Gurbaxani, V. (2004). Information technology and organizational performance: An integrative model of IT business value. MIS Quarterly, 28(2), 283\u2013322.","journal-title":"MIS Quarterly"},{"key":"9959_CR82","volume-title":"Qualitative data analysis: An expanded sourcebook","author":"MB Miles","year":"1994","unstructured":"Miles, M. B., & Huberman, A. M. (1994). Qualitative data analysis: An expanded sourcebook. Beverly Hills: Sage."},{"key":"9959_CR83","volume-title":"Qualitative data analysis. A methods sourcebook (Vol. 3)","author":"MB Miles","year":"2013","unstructured":"Miles, M. B., Huberman, A. M., & Saldana, J. (2013). Qualitative data analysis. A methods sourcebook (Vol. 3). Los Angeles: Sage."},{"key":"9959_CR84","doi-asserted-by":"crossref","first-page":"322","DOI":"10.1007\/978-1-349-20317-8_23","volume-title":"Readings in Strategic Management","author":"Henry Mintzberg","year":"1989","unstructured":"Mintzberg, H. (1989). The Structuring of Organizations. In: Readings in Strategic Management (pp. 322\u2013352). London: Palgrave."},{"key":"9959_CR85","unstructured":"Moore, S., & Keen, E. (2018). Gartner Forecasts Worldwide Information Security Spending to Exceed $124 Billion in 2019: Detection, Response and Privacy Driving Demand for Security Products and Services. In Gartner (Ed.). \nhttps:\/\/www.gartner.com\/en\/newsroom\/press-releases\/2018-08-15-gartner-forecasts-worldwide-information-security-spending-to-exceed-124-billion-in-2019\n\n. Accessed 29 January 2019."},{"key":"9959_CR86","volume-title":"Designing funded qualitative research","author":"JM Morse","year":"1994","unstructured":"Morse, J. M. (1994). Designing funded qualitative research. Thousand Oaks: Sage."},{"issue":"2","key":"9959_CR87","doi-asserted-by":"crossref","first-page":"44","DOI":"10.4018\/IJSS.2017070104","volume":"3","author":"S Muehe","year":"2017","unstructured":"Muehe, S., & Drechsler, A. (2017). Towards a framework to improve IT security and IT risk Management in Small and Medium Enterprises. International Journal of Systems and Society, 3(2), 44\u201356.","journal-title":"International Journal of Systems and Society"},{"key":"9959_CR88","unstructured":"Ng, B. Y., & Feng, A. E. (2006). An Exploratory Study on Managerial Security Concerns in Technology Start-ups. Proceedings of Pacific Asia Conference on Information Systems, Chiayi, Taiwan."},{"key":"9959_CR89","volume-title":"Small businesses, job creation and growth: Facts, obstacles and best practices","author":"OECD","year":"1997","unstructured":"OECD. (1997). Small businesses, job creation and growth: Facts, obstacles and best practices. Paris: OECD Publishing."},{"key":"9959_CR90","volume-title":"Glossary of statistical terms - small and medium-sized enterprises (SMEs)","author":"OECD","year":"2005","unstructured":"OECD. (2005). Glossary of statistical terms - small and medium-sized enterprises (SMEs). Paris: OECD Publishing."},{"key":"9959_CR91","volume-title":"Financing SMEs and entrepreneurs: An OECD scoreboard. Definition of SMEs in China","author":"OECD","year":"2016","unstructured":"OECD. (2016). Financing SMEs and entrepreneurs: An OECD scoreboard. Definition of SMEs in China. Paris: OECD Publishing."},{"key":"9959_CR92","doi-asserted-by":"crossref","DOI":"10.1787\/9789264275683-en","volume-title":"Small, medium, strong. Trends in SME performance and business conditions","author":"OECD","year":"2017","unstructured":"OECD. (2017). Small, medium, strong. Trends in SME performance and business conditions. Paris: OECD Publishing."},{"issue":"2","key":"9959_CR93","doi-asserted-by":"crossref","first-page":"183","DOI":"10.1016\/j.im.2014.08.008","volume":"52","author":"G Par\u00e9","year":"2015","unstructured":"Par\u00e9, G., Trudel, M. C., Jaana, M., & Kitsiou, S. (2015). Synthesizing information systems knowledge: A typology of literature reviews. Information & Management, 52(2), 183\u2013199.","journal-title":"Information & Management"},{"issue":"5","key":"9959_CR94","doi-asserted-by":"crossref","first-page":"333","DOI":"10.1023\/B:SBEJ.0000022208.34741.55","volume":"22","author":"L Piscitello","year":"2004","unstructured":"Piscitello, L., & Sgobbi, F. (2004). Globalisation, E-business and SMEs: Evidence from the Italian District of Prato. Small Business Economics, 22(5), 333\u2013347.","journal-title":"Small Business Economics"},{"issue":"4","key":"9959_CR95","doi-asserted-by":"crossref","first-page":"269","DOI":"10.1016\/S0378-7206(02)00010-1","volume":"40","author":"CK Riemenschneider","year":"2003","unstructured":"Riemenschneider, C. K., Harrison, D. A., & Mykytyn Jr., P. P. (2003). Understanding IT adoption decisions in small business: Integrating current theories. Information & Management, 40(4), 269\u2013285.","journal-title":"Information & Management"},{"issue":"2","key":"9959_CR96","first-page":"iii","volume":"38","author":"S Rivard","year":"2014","unstructured":"Rivard, S. (2014). Editor's comments: The ions of theory construction. MIS Quarterly, 38(2), iii\u2013xiv.","journal-title":"MIS Quarterly"},{"key":"9959_CR97","first-page":"153","volume-title":"Social psychophysiology: A sourcebook","author":"R Rogers","year":"1983","unstructured":"Rogers, R. (1983). Cognitive and physiological processes in fear-based attitude change: A revised theory of protection motivation. In C. J & R. Petty (Eds.), Social psychophysiology: A sourcebook (pp. 153\u2013176). New York: Guilford Press."},{"key":"9959_CR98","volume-title":"The coding manual for qualitative researchers","author":"J Salda\u00f1a","year":"2009","unstructured":"Salda\u00f1a, J. (2009). The coding manual for qualitative researchers. London: Sage."},{"issue":"4","key":"9959_CR99","first-page":"iii","volume":"37","author":"S Sarker","year":"2013","unstructured":"Sarker, S., Xiao, X., & Beaulieu, T. (2013). Qualitative studies in information systems: A critical review and some guiding principles. MIS Quarterly, 37(4), iii\u2013xviii.","journal-title":"MIS Quarterly"},{"issue":"2","key":"9959_CR100","doi-asserted-by":"crossref","first-page":"314","DOI":"10.1080\/07421222.2015.1063315","volume":"32","author":"R Sen","year":"2015","unstructured":"Sen, R., & Borle, S. (2015). Estimating the contextual risk of data breach: An empirical approach. Journal of Management Information Systems, 32(2), 314\u2013341.","journal-title":"Journal of Management Information Systems"},{"issue":"3","key":"9959_CR101","doi-asserted-by":"crossref","first-page":"303","DOI":"10.1057\/palgrave.ejis.3000537","volume":"14","author":"M Siponen","year":"2005","unstructured":"Siponen, M. (2005). An analysis of the traditional IS security approaches: Implications for research and practice. European Journal of Information Systems, 14(3), 303\u2013315.","journal-title":"European Journal of Information Systems"},{"key":"9959_CR102","unstructured":"Sonnenschein, R., Loske, A., & Buxmann, P. (2017). The Role of Top Managers\u2019 IT Security Awareness in Organizational IT Security Management. In Proceedings of the 38th International Conference on Information Systems, Seoul, South Korea."},{"issue":"3","key":"9959_CR103","doi-asserted-by":"crossref","first-page":"503","DOI":"10.2307\/25750689","volume":"34","author":"JL Spears","year":"2010","unstructured":"Spears, J. L., & Barki, H. (2010). User participation in information systems security risk management. MIS Quarterly, 34(3), 503\u2013522.","journal-title":"MIS Quarterly"},{"issue":"3","key":"9959_CR104","doi-asserted-by":"crossref","first-page":"381","DOI":"10.1108\/14626000610680262","volume":"13","author":"R Stockdale","year":"2006","unstructured":"Stockdale, R., & Standing, C. (2006). A classification model to support SME E-commerce adoption initiatives. Journal of Small Business and Enterprise Development, 13(3), 381\u2013394.","journal-title":"Journal of Small Business and Enterprise Development"},{"issue":"3","key":"9959_CR105","doi-asserted-by":"crossref","first-page":"255","DOI":"10.1287\/isre.1.3.255","volume":"1","author":"DW Straub","year":"1990","unstructured":"Straub, D. W. (1990). Effective IS security: An empirical study. Information Systems Research, 1(3), 255\u2013276.","journal-title":"Information Systems Research"},{"issue":"4","key":"9959_CR106","doi-asserted-by":"crossref","first-page":"441","DOI":"10.2307\/249551","volume":"22","author":"DW Straub","year":"1998","unstructured":"Straub, D. W., & Welke, R. J. (1998). Coping with systems risk: Security planning models for management decision making. MIS Quarterly, 22(4), 441\u2013469.","journal-title":"MIS Quarterly"},{"issue":"4","key":"9959_CR107","doi-asserted-by":"crossref","first-page":"109","DOI":"10.2753\/MIS0742-1222220405","volume":"22","author":"L Sun","year":"2006","unstructured":"Sun, L., Srivastava, R. P., & Mock, T. J. (2006). An information systems security risk assessment model under the Dempster-Shafer theory of belief functions. Journal of Management Information Systems, 22(4), 109\u2013142.","journal-title":"Journal of Management Information Systems"},{"key":"9959_CR108","unstructured":"Teo, T. L., Chan, C., & Parker, C. (2004). Factors Affecting e-Commerce Adoption by SMEs: A Meta-Analysis. In Proceedings of the Australasian Conference on Information Systems, Hobart, Australia."},{"issue":"4","key":"9959_CR109","doi-asserted-by":"crossref","first-page":"187","DOI":"10.1080\/07421222.1999.11518227","volume":"15","author":"JYL Thong","year":"1999","unstructured":"Thong, J. Y. L. (1999). An integrated model of information systems adoption in small businesses. Journal of Management Information Systems, 15(4), 187\u2013214.","journal-title":"Journal of Management Information Systems"},{"issue":"2","key":"9959_CR110","first-page":"143","volume":"29","author":"JYL Thong","year":"2001","unstructured":"Thong, J. Y. L. (2001). Resource constraints and information systems implementation in Singaporean small businesses. The International Journal of Management Science, 29(2), 143\u2013156.","journal-title":"The International Journal of Management Science"},{"issue":"4","key":"9959_CR111","doi-asserted-by":"crossref","first-page":"429","DOI":"10.1016\/0305-0483(95)00017-I","volume":"23","author":"JYL Thong","year":"1995","unstructured":"Thong, J. Y. L., & Yap, C. S. (1995). CEO characteristics, organizational characteristics and information technology adoption in small businesses. Omega International Journal of Management Science, 23(4), 429\u2013442.","journal-title":"Omega International Journal of Management Science"},{"key":"9959_CR112","unstructured":"United Nations (2008). International Standard Industrial Classification of All Economic Activities, Rev.4. In United Nations Division (Ed.). New York."},{"key":"9959_CR113","unstructured":"United States Business Administration (2018). US Small Business Profile. Office of Advocacy. \nhttps:\/\/www.sba.gov\/sites\/default\/files\/advocacy\/2018-Small-Business-Profiles-US.pdf\n\n. Accessed 8 January 2019."},{"key":"9959_CR114","unstructured":"USITC (2010). Small and Medium-sized Enterprises: Overview of Participation in U.S. Exports. Investigation No. 332\u2013508 (Vol. 4125). Washington: USITC Publication."},{"issue":"2","key":"9959_CR115","doi-asserted-by":"crossref","first-page":"134","DOI":"10.1111\/j.1540-627X.2004.00102.x","volume":"42","author":"FJ Verhees","year":"2004","unstructured":"Verhees, F. J., & Meulenberg, M. T. (2004). Market orientation, innovativeness, product innovation, and performance in small firms. Journal of Small Business Management, 42(2), 134\u2013154.","journal-title":"Journal of Small Business Management"},{"key":"9959_CR116","unstructured":"vom Brocke, J., Simons, A., Niehaves, B., Riemer, K., Plattfaut, R., & Cleven, A. (2009). Reconstructing the Giant: On the Importance of Rigour in Documenting the Literature Search Process. In Proceedings of the 17th European Conference on Information Systems, Vienna, Austria."},{"issue":"1","key":"9959_CR117","doi-asserted-by":"crossref","first-page":"106","DOI":"10.1287\/isre.1070.0143","volume":"19","author":"J Wang","year":"2008","unstructured":"Wang, J., Chaudhury, A., & Rao, H. R. (2008). A value-at-risk approach to information security investment. Information Systems Research, 19(1), 106\u2013120.","journal-title":"Information Systems Research"},{"issue":"2","key":"9959_CR118","doi-asserted-by":"crossref","first-page":"201","DOI":"10.1287\/isre.1120.0437","volume":"24","author":"T Wang","year":"2013","unstructured":"Wang, T., Kannan, K. N., & Rees Ulmer, J. (2013). The association between the disclosure and the realization of information security risk factors. Information Systems Research, 24(2), 201\u2013218.","journal-title":"Information Systems Research"},{"issue":"2","key":"9959_CR119","first-page":"xiii","volume":"26","author":"J Webster","year":"2002","unstructured":"Webster, J., & Watson, R. T. (2002). Analyzing the past to prepare for the future: Writing a literature review. MIS Quarterly, 26(2), xiii\u2013xxiii.","journal-title":"MIS Quarterly"},{"key":"9959_CR120","unstructured":"Weish\u00e4upl, E., Yasasin, E., & Schryen, G. A. (2015). Multi-theoretical literature review on information security investments using the resource-based view and the organizational learning theory. In Proceedings of the 36th International Conference on Information Systems, Fort Worth, USA."},{"issue":"4","key":"9959_CR121","first-page":"18","volume":"59","author":"JA Welsh","year":"1981","unstructured":"Welsh, J. A., & White, J. F. (1981). A small business is not a little big business. Harvard Business Review, 59(4), 18\u201332.","journal-title":"Harvard Business Review"},{"issue":"4","key":"9959_CR122","first-page":"10","volume":"26","author":"GM West","year":"1975","unstructured":"West, G. M. (1975). MIS in small companies. Journal of Systems Management, 26(4), 10\u201313.","journal-title":"Journal of Systems Management"},{"issue":"2","key":"9959_CR123","doi-asserted-by":"crossref","first-page":"162","DOI":"10.1177\/0165551509354417","volume":"36","author":"T Wielicki","year":"2010","unstructured":"Wielicki, T., & Arendt, L. (2010). A knowledge-driven shift in perception of ICT implementation barriers: Comparative study of US and European SMEs. Journal of Information Science, 36(2), 162\u2013174.","journal-title":"Journal of Information Science"},{"key":"9959_CR124","volume-title":"Transforming qualitative data: Description, analysis, and interpretation","author":"HF Wolcott","year":"1994","unstructured":"Wolcott, H. F. (1994). Transforming qualitative data: Description, analysis, and interpretation. Thousand Oaks: Sage."},{"issue":"2","key":"9959_CR125","doi-asserted-by":"crossref","first-page":"597","DOI":"10.1080\/07421222.2016.1205934","volume":"33","author":"J Wolff","year":"2016","unstructured":"Wolff, J. (2016). Perverse effects in defense of computer systems. When more is less. Journal of Management Information Systems, 33(2), 597\u2013620.","journal-title":"Journal of Management Information Systems"},{"key":"9959_CR126","unstructured":"World Economic Forum (2019). The Global Risks Report 2019. \nhttp:\/\/www3.weforum.org\/docs\/WEF_Global_Risks_Report_2019.pdf\n\n. Accessed 14 February 2019."},{"key":"9959_CR127","unstructured":"WTO (2016). World Trade Report 2016 - Levelling the Trading Field for SMEs. Geneva: WTO Publications. \nhttps:\/\/www.wto.org\/english\/res_e\/booksp_e\/world_trade_report16_e.pdf\n\n. Accessed 20 January 2019."},{"issue":"2","key":"9959_CR128","doi-asserted-by":"crossref","first-page":"253","DOI":"10.1007\/s10796-015-9594-x","volume":"18","author":"CG Yang","year":"2016","unstructured":"Yang, C. G., & Lee, H. J. (2016). A study on the antecedents of healthcare information protection intention. Information Systems Frontiers, 18(2), 253\u2013263.","journal-title":"Information Systems Frontiers"},{"issue":"4","key":"9959_CR129","doi-asserted-by":"crossref","first-page":"360","DOI":"10.1016\/j.ijinfomgt.2010.10.006","volume":"31","author":"E Yildirim","year":"2011","unstructured":"Yildirim, E., Akalp, G., Aytac, S., & Bayram, N. (2011). Factors influencing information security Management in Small-and Medium-sized Enterprises: A case study from Turkey. International Journal of Information Management, 31(4), 360\u2013365.","journal-title":"International Journal of Information Management"},{"issue":"1","key":"9959_CR130","doi-asserted-by":"crossref","first-page":"329","DOI":"10.2753\/MIS0742-1222240110","volume":"24","author":"WT Yue","year":"2007","unstructured":"Yue, W. T., & Cakanyildirim, M. (2007). Intrusion prevention in information systems: Reactive and proactive responses. Journal of Management Information Systems, 24(1), 329\u2013353.","journal-title":"Journal of Management Information Systems"},{"key":"9959_CR131","unstructured":"ZDNet (2015). The Target Breach, Two Years Later. \nhttps:\/\/www.zdnet.com\/article\/the-target-breach-two-years-later\/\n\n. Accessed 24 February 2019."},{"issue":"1","key":"9959_CR132","doi-asserted-by":"crossref","first-page":"123","DOI":"10.2753\/MIS0742-1222300104","volume":"30","author":"X Zhao","year":"2013","unstructured":"Zhao, X., Xue, L., & Whinston, A. B. (2013). Managing interdependent information security risks. Cyberinsurance, managed security services, and risk pooling arrangements. Journal of Management Information Systems, 30(1), 123\u2013152.","journal-title":"Journal of Management Information Systems"},{"key":"9959_CR133","unstructured":"Zurich (2017). As Many as 875,000 UK SMEs Suffer Cyber Security Breach in the last 12 Months. \nhttps:\/\/www.zurich.co.uk\/en\/about-us\/media-centre\/general-insurance-news\/2017\/as-many-as-875000-uk-smes-suffer-cyber-security-breach-in-the-last-12-months\n\n. Accessed 3 April 2018."}],"container-title":["Information Systems Frontiers"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10796-019-09959-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10796-019-09959-1\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10796-019-09959-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,8]],"date-time":"2020-11-08T01:01:01Z","timestamp":1604797261000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10796-019-09959-1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,11,9]]},"references-count":133,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2019,12]]}},"alternative-id":["9959"],"URL":"https:\/\/doi.org\/10.1007\/s10796-019-09959-1","relation":{},"ISSN":["1387-3326","1572-9419"],"issn-type":[{"value":"1387-3326","type":"print"},{"value":"1572-9419","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,11,9]]},"assertion":[{"value":"9 November 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}