Exploring MSMEs Cybersecurity Awareness and Risk Management : Information Security Awareness

Abstract

The use of information technology in the management of Micro, Small, and Medium Enterprises (MSMEs) is not limited to business performance and productivity but also aspects of data security and transactions using various mobile, website, and desktop-based applications. This article offers an idea to explore cybersecurity awareness and risk management of MSME actors who adopt information technology. The research method used is qualitative with a case study approach in the Coffeeshop X business and the Y Souvenir business in Salatiga City, Central Java, Indonesia. The data collection technique used in-depth interviews, observation, and document studies. These findings indicate that Cybersecurity Awareness, especially information security awareness, can be reviewed based on knowledge, attitudes, and behavior. Risk management can be review based on supply risk, operational risk, and customer risk. Cybersecurity Awareness and Risk Management in MSMEs is holistic and cannot be generalized, so it needs to be discussed contextually based on case studies. In the context of Coffeeshop X and Souvenir Y, the level of Cybersecurity Awareness (knowledge, attitude, behavior) is not always linear. In addition, risk management is more dominant in the customer risk dimension, compared to supply risk and operational risk.