Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises

The cybersecurity of organizations is a subject of perennial concern as they are subject to mounting threats in an increasingly digitalized world. While commercial and charitable organizations have been the objects of cybersecurity research, social enterprises (SEs) have remained unexplored. As SEs have become increasingly important features of social and economic development, so their prominence as potential targets of cybercrime also increases. In order to address this knowledge gap, this article examines the factors that influence the cyber-preparedness of SEs in the U.K. Through the use of semistructured interviews with SE owner-managers, these factors are found to comprise the characteristics of the enterprise, the characteristics of the enterprise management, resource constraints, experience of cyberattacks, usage of IT, and awareness of cybersecurity schemes and resources. These insights provide valuable guidance for SE owner-managers, SE support agencies, and policy-makers when considering the cybersecurity of SEs. These findings are of immediate concern to SEs but also to other organizations that are engaged in partnerships with them as SEs may afford “gateway” opportunities to those with malicious intent.