Cybersecurity Protection & Adoption

journal of cybersecurity research paper
Marc K. Peter, Khondker Mohammad Zobair, Johan P. Lindeque, Karin Mändli Lerch & Luke Houghton (2025):

How much more will it need? Determinants of risk-driven cybersecurity adoption in Swiss SMEs: a structural equation modelling approach

Journal of Cybersecurity, Volume 11, Issue 1, 2025, tyaf027, doi.org/10.1093/cybsec/tyaf027

DOWNLOAD THE FULL ARTICLE HERE (PDF)

Abstract

As cybercrime continues to escalate globally, small and medium-sized enterprises (SMEs) face increasing threats to their digital assets / IT infrastructure. This study explores the key determinants influencing cybersecurity adoption among SME managers in Switzerland, using an Extended Protection Motivation Theory (extended PMT) and Partial Least Squares Structural Equation Modelling (PLS-SEM). Based on interview data from over 1,500 Swiss small businesses, the research identifies four critical factors that shape managers’ behavioural intentions to adopt cybersecurity measures:
  • Perceived Cybersecurity Efficacy (PCE)
  • Response Efficacy (PRE)
  • Implementation Expectancy (PIE)
  • Cybersecurity Preparedness (PP)

Together, these factors explain over 40% of the variance in cybersecurity adoption intentions. The findings provide actionable insights for business leaders and managers, policymakers, and cybersecurity professionals, emphasising the importance of awareness, training, and strategic planning to build resilient digital infrastructures.
This study offers a validated model for understanding and enhancing risk-driven cybersecurity adoption, making it a valuable resource for organisations aiming to strengthen their cyber defence strategies and digital transformation efforts.

Determinants of risk driven cybersecurity adoption
DOWNLOAD THE FULL ARTICLE HERE (PDF)

Key Take-Away

Cybersecurity adoption in small businesses is significantly influenced by four psychological and organisational factors: perceived cybersecurity efficacy, response efficacy, implementation expectancy, and preparedness. Among these, preparedness has the strongest impact on managers’ intention to adopt protective cybersecurity measures.

This means that SME managers are more likely to implement cybersecurity strategies when they feel prepared, believe the measures are effective, expect successful implementation, and have confidence in their own cybersecurity capabilities. The study provides a validated model that explains over 40% of the variance in cybersecurity adoption behaviour, offering a practical framework for improving cybersecurity readiness in organisations.

PLS SEM structural model for risk driven cybersecurity adoption

Figure 3: Final PLS-SEM structural model for risk-driven cybersecurity adoption in Swiss SMEs.

DOWNLOAD THE FULL ARTICLE HERE (PDF)
Prof Marc K Peter

Prof. Dr. Marc K. Peter

Marc K. Peter is Professor of Digital Business at the HES-SO School of Business (CH). He is a faculty member of the University of Rochester (USA), at Charles Sturt University (AU), Rochester-Bern Executive Programs (USA/CH) and at the University of Basel (CH). Following a career at eBay, E*TRADE (ANZ) and LexisNexis in Europe and Asia-Pacific, his research and teaching focus is digital transformation, digital technology and cybersecurity.
Contact and further information www.hevs.ch/­en/collaborateurs/­peter-212861
Dr Khondker Mohammad Zobair

Dr. Khondker Mohammad Zobair

Khondker Mohammad Zobair is a Lecturer in the Department of Business Strategy and Innovation, School of Business at Griffith University. He has previously been a lecturer at King Fahd University of Petroleum and Minerals, and the University of Hail, in Saudi Arabia. His research focus includes Information Systems, Health Informatics, Social-Technical Theories, AI, Machine Learning, and Big Data Analytics.

Contact and further information experts.griffith.edu.­au/­13095-khondker-mohammad-zobair
Dr Johan Lindeque

Dr. Johan P. Lindeque

Johan P. Lindeque is a lecturer and Head of the Science Lab at the FHNW School of Business (CH). He has previously held the position of Assistant Professor of strategy at the University of Amsterdam Business School (NL) and lecturer in international business at Queen’s University Management School, Belfast (UK). His research interests focus on SMEs’ strategic responses to transition processes, including digital transformation and the sustainability transition.

Contact and further information www.fhnw.ch/en/­people/johan-paul-lindeque
Karin Maendli Lerch

Karin Mändli Lerch

Karin Mändli Lerch is a Senior Market Research Consultant at YouGov (CH). She conducted the survey in her previous role as Project Manager at gfs-zurich (CH). Before that, she was a Senior Consultant at ISOPUBLIC (CH). She conducts studies for clients in a wide range of sectors, mainly for the insurance industry, associations and universities. Her focus lies on quantitative studies via telephone, online and face-to-face surveys.
Contact and further information www.linkedin.com/­in/karin-m%C3%A4­ndli-lerch-2224b6121
Prof Luke Houghton

Assoc. Prof. Dr. Luke Houghton

Luke Houghton is an Associate Professor in the Department of Business Strategy and Innovation, School of Business at Griffith University. He has completed more than 22 research higher degrees projects with the great majority of those being PhD candidates. He has also been published in top journals, including Information Systems Journal, the Journal of Industrial Ecology, and the Journal of the Operational Research Society.
Contact and further information experts.griffith.edu.­au/­8697-luke-houghton
The authors would like to thank the involved associations and research organisations Schweizerische Mobiliar Versicherungsgesellschaft, Digitalswitzerland, Allianz Digitale Sicherheit Schweiz ADDS, Fachhochschule Nordwestschweiz FHNW, Schweizerische Akademie der Technischen Wissenschaften SATW, and gfs-zurich.

Full reference

This article is published under the Creative Commons Attribution (CC BY 4.0) licence. Anyone may reproduce, distribute, translate and create derivative works of this article (for both commercial & non-commercial purposes), subject to full attribution to the original publication and authors. The full terms of this licence may be seen at creativecommons.org/­licences/by/4.0/legalcode

Marc K. Peter, Khondker Mohammad Zobair, Johan P. Lindeque, Karin Mändli Lerch & Luke Houghton (2025): How much more will it need? Determinants of risk-driven cybersecurity adoption in Swiss SMEs: a structural equation modelling approach. Journal of Cybersecurity, Volume 11, Issue 1, 2025, tyaf027, doi.org/10.1093/cybsec/tyaf027.

 

© 2025 Marc K. Peter, Khondker Mohammad Zobair, Johan P. Lindeque, Karin Mändli Lerch & Luke Houghton
(www.cybersecurity-protection-adoption.com)