Managing Cybersecurity Challenges

Reviewer

Xavier Miranda, Graduate Research Assistant and Dr. Brady Brewer, Assistant Professor


Calculated risk? A cybersecurity evaluation tool for SMEs by Michael Benz & Dave Chatterjee


Business Horizons July-August 2020. Vol 63, Issue 4, Pages 531-540


There has been an increase in the implementation of new technologies such as cloud storage, data analytics and e-commerce platforms across all industries. This translates to a great deal more information being stored by companies, with a good portion of this information being data on customer or firm strategies. With this increase in data utilization, there is a subsequent increase in cybercrime specifically targeting small- and medium-sized enterprises (SMEs). These midsize companies are being targeted because they are often just big enough to have sizable assets and typically do not use the latest measures in cybersecurity defense. This lag in adoption of security technology amplifies the threat SMEs face.

These midsize companies are also targeted because they serve as gateways into larger companies to which they are digitally connected. Damages attributed to cybercrimes are expected to cost the world $6 trillion annually by 2021. Therefore, the prevention and mitigation of cybersecurity risks are core competencies for the development and safety of an organization.

The authors provide insight into the cybersecurity challenges that small- and medium-sized businesses face. While SMEs face the same cybersecurity threats as larger enterprises, they have fewer resources to address these threats. This, coupled with the overwhelming amount of anecdotal information received about daily cybersecurity incidents, can make it difficult for IT teams to deal with threats effectively. The authors identify the following questions SMEs should ask to better target their cybersecurity needs:

  • Where is our company exposed to serious cybersecurity risks?
  • What is an acceptable level of risk?
  • How do we compare with others in our industry?
  • What can we do to improve in areas where we are sub-standard? 

This paper examines and develops concise and applicable cybersecurity risk management methodologies. The evaluation tool used consists of five parts: identify, protect, detect, respond and recover. The results from completing the evaluation tool provide a current cybersecurity state of affairs for the company, information on weaknesses in their system, potential solutions and a cost versus benefit analysis for the proposed solutions.

What this means for Food and Agricultural Business

The agriculture industry is no stranger to risk management, which is essential for any business to survive and grow. Additionally, a lot of agricultural companies are categorized as SMEs. Typically, SMEs do not employ a separate IT department or function of the business. The added risk of cybersecurity threats is just an additional factor the agriculture industry has to account for when making decisions in the future. 

As the industry transitions to implement new technologies such as blockchain, artificial intelligence and further integrated systems, more of an emphasis must be placed on safeguarding the system. These technologies increase the connectivity of the agricultural supply chain as more and more companies share data. This means companies not only need to be prepared to increase their cybersecurity, but also need to factor this in when analyzing the business partners with which to share data. And while blockchain and other digital technologies seem promising as they bring transparency and traceability to the marketplace, they also bring added risk if data falls into the wrong hands.

The standard practice for each company will look different; however, the general model will include identifying the areas of risk, determining acceptable risk levels, comparing the company to the industry standard for cybersecurity and determining areas of improvement.