The University of Nottingham’s School of Computer Science has been awarded almost £700,000 funding from EPSRC to lead a project to better understand small and medium sized enterprises’ (SMEs’) cyber security support needs and their ability to address them.
The research aims to set up pilot Cyber Security Communities of Support (CyCOS), bringing together SMEs and advisory sources. Researchers point to the government-backed UK Cyber Security Breaches Survey, that indicates that half of small and a third of micro businesses experienced breaches or attacks in the last year. While they do seek external guidance in relation to cyber security, they do so via a huge range of sources, and often find themselves overwhelmed with information and unable to understand the advice.
The research team includes Dr Maria Bada, Lecturer in Psychology at the School of Biological and Behavioural Sciences at Queen Mary University of London and Dr Jason Nurse from the University of Kent and is led by Steven Furnell, Professor of Cyber Security at Nottingham.
Furnell said: “Businesses know there is a need to protect themselves from cyber attacks, but knowing just how to do this and where to go for trusted help can be a minefield. We want to make the process of accessing help easier and more targeted. Our research will improve understanding of SME needs and the perspective of those that they turn to for support. We will then use these insights as a foundation for the design and evaluation of a new and more accessible model for support with the Communities of Support pilots.”
Researchers plan to investigate what support small businesses need, to find their understanding and confidence around cyber security, and their awareness and perceptions of available support. The aim is to seek to determine the scenarios in which cyber security advice is sought (whether during product evaluation, at point of purchase, in response to threats and incidents), and whether it is deemed effective.
The project will also analyse support routes available to these businesses, focusing on the coverage and consistency of advice, as well as the confidence and capacity of those providing it.
Research findings will be used to establish three pilot CyCOS which will include the creation of an online Support Broker, enabling the SMEs to identify support needs and contact advisory sources positioned to help them (which, as the community develops and grows in experience, may include peer support from other SMEs). The project offers upskilling opportunities for advisors and interested SMEs, via foundational cyber security certification to increase their related knowledge and capability. Partners include the Home Office, the IT group (ISC)2, the certification body IASME, the Chartered Institute of Information Security (CIISec), the Centre for the New Midlands, and three of the country’s regional Cyber Resilience Centres.
Centre of Excellence
Kent meanwhile has been recognised by the UK official National Cyber Security Centre (NCSC) as an Academic Centre of Excellence in Cyber Security Education (ACE-CSE) with a Gold Award. This means that it has met the ACE-CSE standard for Gold Award comprised of eight requirements set by the NCSC and the Department for Science, Innovation & Technology. Kent is now one out of only 12 ACEs-CSE in the UK to obtain Gold status.
This new award was led by Kent’s cross-disciplinary Institute of Cyber Security for Society (iCSS), one of 19 Academic Centres of Excellence in Cyber Security Research (ACEs-CSR), jointly recognised by the NCSC and the Engineering and Physical Sciences Research Council.
Kent is part of a 12-month research project by the think-tank RUSI, De Montfort University and Oxford Brookes University, funded by the NCSC, with the Research Institute in Sociotechnical Cyber Security, that aims to explore the relationship between ransomware and cyber insurance.
