10.11.2025 | School of Business

Cybersecurity Protection & Adoption: How much more will it need? Determinants of risk-driven cybersecurity adoption in Swiss SMEs

A research team from the FHNW School of Business and other universities reviewed the state of cybersecurity preparedness, response efficacy and implementation expectancy among 1 500 Swiss small business managers and owners.

The research between 2021 and 2023 identified four critical factors that shape managers’ behavioural intentions to adopt cybersecurity measures.

As cybercrime continues to escalate globally, small and medium-sized enterprises (SMEs) face increasing threats to their digital assets / IT infrastructure. This study explores the key determinants influencing cybersecurity adoption among SME managers in Switzerland, using an Extended Protection Motivation Theory (extended PMT) and Partial Least Squares Structural Equation Modelling (PLS-SEM). Based on interview data from over 1 500 Swiss small businesses, the research identifies four critical factors that shape managers’ behavioural intentions to adopt cybersecurity measures:

Perceived Cybersecurity Efficacy (PCE)
Response Efficacy (PRE)
Implementation Expectancy (PIE)
Cybersecurity Preparedness (PP)

The findings provide actionable insights for business leaders and managers, policymakers, and cybersecurity professionals, emphasising the importance of awareness, training, and strategic planning to build resilient digital infrastructures.

SME managers are more likely to implement cybersecurity strategies when they feel prepared, believe the measures are effective, expect successful implementation, and have confidence in their own cybersecurity capabilities. The study provides a validated model that explains over 40% of the variance in cybersecurity adoption behaviour, offering a practical framework for improving cybersecurity readiness in organisations.

Further informationen

Further information and the full paper can be found at https://cybersecurity-protection-adoption.com/.

Visit https://cyberstudie.ch/ for the most recent cybersecurity study 2025.

Do you want to dive deeper into the topic? Consider our continuing education programme CAS Cybersecurity und Information Risk Management.

Full reference

Marc K. Peter, Khondker Mohammad Zobair, Johan P. Lindeque, Karin Mändli Lerch & Luke Houghton (2025): How much more will it need? Determinants of risk-driven cybersecurity adoption in Swiss SMEs: a structural equation modelling approach. Journal of Cybersecurity, Volume 11, Issue 1, 2025, tyaf027, doi.org/10.1093/cybsec/tyaf027.