SMEs’ Confidentiality Concerns for Security Information Sharing - Human Aspects of Information Security and Assurance Access content directly
Conference Papers Year : 2020

SMEs’ Confidentiality Concerns for Security Information Sharing


Small and medium-sized enterprises (SME) are considered an essential part of the EU economy; however, highly vulnerable to cyber-attacks. SMEs have specific characteristics which separate them from large companies and influence their adoption of good cybersecurity practices. To mitigate the SMEs’ cybersecurity adoption issues and raise their awareness of cyber threats, we have designed a self-paced security assessment and capability improvement method, CYSEC. CYSEC is a security awareness and training method that utilises self-reporting questionnaires to collect companies’ information about cybersecurity awareness, practices, and vulnerabilities to generate automated recommendations for counselling. However, confidentiality concerns about cybersecurity information have an impact on companies’ willingness to share their information. Security information sharing decreases the risk of incidents and increases users’ self-efficacy in security awareness programs. This paper presents the results of semi-structured interviews with seven chief information security officers (CISOs) of SMEs to evaluate the impact of online consent communication on motivation for information sharing. The results were analysed in respect of the Self-Determination Theory (SDT). The findings demonstrate that online consent with multiple options for indicating a suitable level of agreement improved motivation for information sharing. This allows many SMEs to participate in security information sharing activities and supports security experts to have a better overview of common vulnerabilities.
Fichier principal
Vignette du fichier
497442_1_En_22_Chapter.pdf (413.3 Ko) Télécharger le fichier
Origin Files produced by the author(s)

Dates and versions

hal-03657717 , version 1 (03-05-2022)




Alireza Shojaifar, Samuel A. Fricker. SMEs’ Confidentiality Concerns for Security Information Sharing. 14th International Symposium on Human Aspects of Information Security and Assurance (HAISA), Jul 2020, Mytilene, Lesbos, Greece. pp.289-299, ⟨10.1007/978-3-030-57404-8_22⟩. ⟨hal-03657717⟩
44 View
34 Download



Gmail Mastodon Facebook X LinkedIn More