Factors affecting the intention to adopt cyber incident response planning among Dutch SMEs: an empirical investigation
To prepare for and, thereby, try to mitigate the negative impact of cyber incidents on SMEs, adoption of cyber incident response planning (CIRP) is imperative. This study aims to identify significant factors affecting CIRP adoption intention among Dutch SMEs. An integrated research model is developed based on the Technology-Organization-Environment framework, Diffusion of Innovation theory, Neo-Institutional Theory, and Protection Motivation Theory. The proposed model specifies one innovation (relative advantage), two organizational (top management support, resource availability), three environmental (buyer/supplier pressure, external support, technological uncertainty) and one decision maker (cyber risk perception) characteristic(-s) affecting CIRP adoption intention. The model is tested using survey data of 73 Dutch SMEs. Results of an ordinal logistic regression analysis show that top management support, buyer/supplier pressure, and cyber risk perception positively influence CIRP adoption intention. Overall, this study contributes to the cybersecurity adoption literature by demonstrating the usability of the theories in conceptualizing an integrated set of factors affecting CIRP adoption intention. Furthermore, a better understanding on what affects CIRP adoption intention is offered, which could help in making informed adoption decisions in at-risk SMEs and implementing policies or strategies aiming to promote CIRP adoption.
Faculteit der Managementwetenschappen