Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses

Abstract

Small businesses are easy victims of cyberattacks due to their limited resources and insufficient training. Furthermore, many small business owners’ attitudes diminish their need for safeguards because they think that they are not likely to be attacked. Yet, small businesses experience Denial of Service (DoS) attacks, Distributed Denial of Service (DDos) attacks, phishing, vishing, and tail gating as well as theft of confidential information and hardware. Consequently, numerous small businesses close or experience detrimental results -- loss of consumer trust, lawsuits, credit monitoring fees, tarnished reputations, and lost operational costs. Since past research demonstrated that training positively impacts self-efficacy, this paper explores the effects of cybersecurity training on participants’ self-efficacy towards small business cybersecurity practices. Survey participants were face-to-face and virtual attendees at a public university’s Cybersecurity for Small Businesses Conference. To evaluate the attendees’ perceived self- efficacy, a pre-and post-survey included cybersecurity questions with demographic questions. The results show a significant difference in scores for overall cybersecurity self-efficacy before and after such training.