The Electronic Journal of Information Systems Evaluation provides critical perspectives on topics relevant to Information Systems Evaluation, with an emphasis on the organisational and management implications
For general enquiries email
Click here to see other Scholarly Electronic Journals published by API
For a range of research text books on this and complimentary topics visit the Academic Bookshop

Journal Article

Investigating the Factors Inhibiting SMEs from Recognizing and Measuring Losses From Cyber Crime in South Africa  pp167-178

Gino Bougaardt, Michael Kyobe

© Sep 2011 Volume 14 Issue 2, ICIME 2011, Editor: Ken Grant, pp167 - 281

Look inside Download PDF (free)


The level of cyber attacks on organisations has increased tremendously in recent years. When such attacks occur, organisations need to assess the damage and loss from this crime. While large organisations have the mechanisms to determine such losses, SMEs lack such capability and often ignore the need to implement effective information security measures (Kyobe, 2008; Altbeker, 2000; Upfold and Sewry, 2005). Consequently, their risk exposure to cyber threats and the losses they incur from these attacks are often high (Ngo, Zhou, Chonka and Singh, 2009). However, the current legislative requirements, costly legal liabilities for non‑compliance, and increasing pressure by stakeholders (e.g., lenders, business partners) on SMEs to comply with good practices suggest that SMEs cannot ignore security any longer. In order to ensure accountability and compliance with security requirements, it is imperative for SMEs to identify, account and report cyber incidents and losses resulting from cyber attacks. This study investigated the factors that inhibit SMEs from recognizing and measuring losses from cyber attacks in South Africa. A survey involving twenty organisations from different business sectors was conducted and the results indicate that victimisation, resulting from a lack of awareness of cyber‑crime has the greatest influence on SMEsĀ ability to recognise and prepare losses from cyber attacks.


Keywords: cybercrime, recognition and measuring losses, SMEs, victimisation


Share |