Kennedy Njenga
Abstract
In efforts to grow, Tech Titans can stifle the growth of small and medium-sized enterprises (SMEs) because of their size, market dominance, and mastery of technology used to keep their infrastructure secure. While SMEs are economic powerhouses for most economies, these often lack the resources and expertise to address information security needs compared to Tech Titans, with many facing existential threats. This qualitative study delves into how SMEs can begin formulating ways to address pragmatic information security needs pertinent to their contexts, just like Tech Titans do while remaining resilient to threats. The study aimed to bridge the gap between existing, often large-scale and tailored, information security frameworks of Tech Titans with SMEs’ practical needs. By analysing real-world practices and perspectives, the study generated a substantive theory grounded in practitioner experiences. This was done using the Grounded Theory (GT) method. The many hours of in-depth interviews, guided by a theoretical sampling of five practitioners, generated transcripts that were analysed qualitatively. This analysis generated perspectives that formed the basis of a taxonomy of common Tech Titans’ information security methods that could be tailored to accommodate SMEs. A theory called ‘SME Resilience to Information Security’(SMEr-IS) was developed from this taxonomy, which offers practical insights for effective information security management and optimisation for SMEs