Cybersecurity Assessment Model for Small and Medium Enterprises (SMEs) E-commerce in Kenya
Abstract
In Kenya, there has been a remarkable surge in the adoption of e-Commerce among Small and Medium Enterprises (SMEs), especially in the aftermath of the COVID-19 pandemic. This has seen several online stores developed and launched for Business-to-Consumer (B2C) e-Commerce. However, the rise of e-Commerce platforms has also led to an increased number of cyber-attacks and data breaches, leading to financial losses, damage to reputation, and decreased market share for SMEs with no cybersecurity strategies. This phenomenon is primarily caused by a lack of cybersecurity assessment models that are adapted to the specific demands of SME e-Commerce platforms. This study sought to assess the cybersecurity level and maturity of e-Commerce for SMEs in Kenya by developing an assessment model.
This study reviewed theoretical frameworks, standards, models, and empirical studies to guide the development of the model. A tailored cybersecurity assessment model was developed specifically for SMEs operating in the e-Commerce sector in Kenya. The study assessed the e-Commerce cybersecurity maturity level using a mixed-methods approach with a focus on experimental research design, and determined the most common cyberattacks in relation to e-Commerce operations.
The assessment included various metrics such as access control mechanisms, software, data security, authorization and authentication, and network, and was rated quantitatively on a scale of 1-100, with critical, moderate, and highly secured as the qualitative outputs of the model. The study involved 40 SMEs, all of which responded to a semi-structured questionnaire, and 36 agreed to have their e-Commerce platforms assessed using the model developed. Of the 36 e-Commerce platforms assessed, 34 were found to be most vulnerable to cyberattacks, with a critical rating and an assessment falling below 50 points, while only two were considered moderate or secure for online operations. The study concluded that SMEs must implement robust cybersecurity measures and standards, including access controls, authentication and authorization, data security, software security and network security, since the study discovered that all the variables in the model contribute to overall security. The study recommends specific policy formulation on cybersecurity to control the deployment of e-Commerce. The study further recommends a study on user behaviour and online trends in managing e-Commerce cybersecurity.