Securing information security is in the interest of all users of information and communication technologies, namely individuals, businesses and organizations, national authorities and institutions, multinational groups, and IT consulting companies. In this paper, we evaluate the results of our surveys in the field of information security in the sector of small and medium-sized enterprises, which were carried out in the years 2008 - 2020. The research was conducted through a research model that was developed based on the analyzed professional and scientific literature. The model was validated in the individual years of study on a sample of small and medium-sized enterprises operating in the Slovak Republic. The aim of the surveys was to map the evolution of the companies' approach to information security. Standard methods of scientific work such as analysis, synthesis, comparison, and selection were used in the preparation of the paper. A questionnaire survey was used to collect data, which were evaluated using descriptive statistics and cluster analysis. We expected that companies would pay more attention to information security during the study period, but this was not confirmed. In most cases, the values of the research indicators did not change in leaps and bounds, but gradually, and did not show large differences. The highest increase was recorded in the handling of sensitive information (23%), which can be justified by the regulation GDPR. Other positive values were in the following cases: personal data protection (an increase of 14%), problem management (an increase of 13%), and integration of information systems within the organization (an increase of 13%). We assumed that the main driver of increased care for information security would be legislative pressure in the Slovak Republic, but here we saw an increase of only 10%. An interesting and unexpected result was recorded in the case of small businesses, sector G - Trade - sales, consulting, services, which were classified into three different clusters. It means that small businesses operating in Slovakia in the same industry approach information security differently. A more detailed examination of the mentioned differences thus creates assumptions and topics for further research.
Loading....