Cybersecurity in SMEs: Which Competencies Are Needed?

Which competencies are required for effective cybersecurity in small and medium-sized enterprises (SMEs)? Which roles and tasks are essential to achieve an adequate and structural digital resilience of their businesses?

Centre of Expertise Cyber Security

Cybersecurity in het mkb: welke competenties zijn nodig?

The Cyber Security and Safety research group of The Hague University of Applied Sciences is examining which competencies are needed within SME organisations to establish sustainable cybersecurity practices. The aim of this research is to identify the minimum required roles and tasks that contribute to long-term cyber resilience.

Background

Cyber threats are becoming increasingly sophisticated and frequent. SMEs are the backbone of the Dutch economy, but often still lack basic cybersecurity measures due to a lack of knowledge, capacity, or urgency. This makes these companies particularly vulnerable to digital attacks. The Cyber Security and Safety research group, part of the Centre of Expertise Cyber Security, therefore investigates which roles and tasks are essential for effective cybersecurity and to what extent the required competencies are currently present within organisations. These insights form the basis for practical support and contribute to sustainable digital resilience in SMEs.

Objective

The research aims to gain insight into:

  1. the minimum required cybersecurity tasks and roles within SME organisations;
  2. the competencies needed to effectively fulfil these tasks and roles;
  3. the extent to which SMEs currently possess these competencies;
  4. the alignment between existing education and training offerings and the practical needs of SMEs.

Based on these insights, targeted recommendations will be developed for appropriate education programmes, effective policy, and focused support for SME organisations.

Research Design

The study consists of three components:

  1. Survey – mapping the cybersecurity maturity of SME organisations;
  2. In-depth interviews – discussions with field experts to identify essential roles and tasks for effective cybersecurity within SMEs;
  3. Training offer analysis – a later-stage assessment of how well existing education and training programmes align with identified competency needs.

Expected Results

The research will provide a clear overview of essential roles, tasks, and associated competencies related to cybersecurity in SMEs. These insights offer concrete guidance for improving education, training, and support structures that better align with the practical needs of SME businesses.

Project Duration

November 2024 – November 2026

Funding

This project is funded by IT Verband Zuid-Holland (ITVZH).

Team

  • Emiel Kerpershoek, researcher, Cyber Security and Safety research group
  • Marcel Spruit, Professor Cyber Security and Safety

Contact

For more information about this research, please contact Emiel Kerpershoek.