Search for a command to run...
This research examines cybersecurity awareness and implementation within Zambia’s small and medium-sized enterprises (SMEs), a sector increasingly targeted by cyberattacks that cause substantial financial losses. The study aimed to enhance cyber awareness and develop actionable guidelines for SMEs in Zambia. Utilising an interpretive philosophy and inductive approach, the methodology encompassed semi-structured interviews, cross-sectional analysis, and a comprehensive review of CISA, ENISA guidelines, and Zambia’s Data Protection Act. Findings indicate a notable deficit in cybersecurity training and awareness among SMEs. Key concerns include inadequate data security measures, a lack of formal cybersecurity policies, and a reliance on basic tools like antivirus software. In response, the study formulated targeted guidelines that emphasise integrating cyber awareness into SME governance and risk management. These guidelines have garnered significant interest from Zambian government entities, highlighting their potential influence on national cybersecurity policy. The study contributes theoretically by contextualising international cybersecurity standards within Zambia’s unique SME landscape. Methodologically, it pioneers a cyber awareness framework tailored to Zambian SMEs, underscoring the critical role of human factors in cybersecurity. In practice, the research has sparked engagement among SMEs and government bodies, demonstrating its applicability and potential to shape policy. However, limitations include reliance on outdated demographic data and a focus on digitally enabled SMEs, potentially overlooking broader IT governance aspects and less digitised businesses. Future research should aim for comprehensive, up-to-date analyses across all SME sectors, contributing to a more inclusive and resilient cybersecurity landscape in Zambia.