University Of Nottingham Carries Out Study To Assist Small Businesses Improve Cyber Security With Targeted Support

A new research project has been launched to help businesses understand and improve their cyber security and streamline access to targeted support.

Experts from the University of Nottingham’s School of Computer Science have been awarded almost £700,000 funding from EPSRC to lead a project to enhance understanding of SMEs’ cyber security support needs and their ability to address them.

The research aims to establish pilot Cyber Security Communities of Support (CyCOS), bringing together SMEs and advisory sources for practical help and support. The UK Cyber Security Breaches Survey indicates that half of small and a third of micro businesses experienced breaches or attacks in the last year. Whilst they do seek external guidance in relation to cyber security, they do so via a huge range of sources, and often find themselves overwhelmed with information and unable to understand the advice.

The research team includes Dr Maria Bada from Queen Mary University of London and Dr Jason Nurse from the University of Kent and is led by Steven Furnell, Professor of Cyber Security at the University of Nottingham.

Businesses know there is a need to protect themselves from cyber attacks, but knowing just how to do this and where to go for trusted help can be a minefield. We want to make the process of accessing help easier and more targeted. Our research will improve understanding of SME needs and the perspective of those that they turn to for support. We will then use these insights as a foundation for the design and evaluation of a new and more accessible model for support with the Communities of Support pilots.
Steven Furnell, Professor of Cyber Security at the University of Nottingham
The research will investigate the support needs of small businesses, to establish their current understanding and confidence around cyber security, and their awareness and perceptions of available support. The investigation will seek to determine the scenarios in which cyber security advice is sought (e.g. during product evaluation, at point of purchase, in response to threats and incidents), and whether it is deemed effective.

The project will also analyse support routes available to these businesses, focusing on the coverage and consistency of advice, as well as the confidence and capacity of those providing it.

Research findings will be used to establish three pilot CyCOS which will include the creation of an online Support Broker, enabling the SMEs to identify support needs and contact advisory sources positioned to help them (which, as the community develops and grows in experience, may include peer support from other SMEs). The project offers upskilling opportunities for advisors and interested SMEs, via foundational cyber security certification to increase their related knowledge and capability.

The research is supported by strong industry collaboration, with partners including the Home Office, (ISC)2, IASME, the Chartered Institute of Information Security, the Centre for the New Midlands, and three regional Cyber Resilience Centres.

Professor Furnell adds: “This project is an exciting opportunity to plug a gap that exists in cyber security for SME’s. We hope that if successful the CyCOS model could be rolled out nationally and become a vital tool in the fight against cyber attacks.”