A multidisciplinary team of researchers at Cardiff University extends an invitation to take part in a research project which aims to establish how SMEs make decisions about cybersecurity investments and, ultimately, how this process can be better supported and optimised. The project objective is to identify metrics that will be of use for both Board members and technical security experts for supporting cybersecurity investment decision-making in SMEs. We hope that with your contribution we will be able to produce a Best Practice Guide for SMEs on the Use of Economic Metrics for Supporting Cybersecurity Decisions. The Guide will benefit the entire SME community in the UK and worldwide. This research project is funded by National Cyber Security Centre (NCSC) in collaboration with the Research Institute for Sociotechnical Cyber Security (RISCS) under the theme “Economics and Incentives”. 

We invite all professionals who are involved in decision-making about cybersecurity investments in any role and capacity to take part in our study. The study focuses on small and medium businesses with the number of employees below 250, however, this is flexible. If you are a business owner, CEO, CISOs or IT security expert, or a professional in a different role, and you participate or contribute to decision-making around cybersecurity investments in your company, we invite you to share your opinion and experience in this area for the benefit of the community. We are also interested in interviewing security vendors and security consultants. If you agree to participate in this study, you will be invited for an interview which will be conducted online by one of our researchers at the time convenient for you. The interview will take between 30 to 60 mins depending on your availability. Prior to the interview we will provide full information about the project. 


If you have any questions about this research please contact Dr Yulia Cherdantseva on cherdantsevayv@cardiff.ac.uk.