Towards a development of cybersecurity risk-responsibility taxonomy of small enterprises for data breach mitigation

Research studies tend to focus their efforts on large organizations while overlooking smaller organizations. This work-in-progress study addresses the failure to prevent data breaches in small enterprises (SEs). SEs contribute significantly to the economy, however, are more prone to cyber attacks due to the limited risk mitigations on their systems and low cybersecurity skills of their employees. SEs utilize Point-of-Sale (POS) systems that are exposed to cyber threats, and can result in exposure to the risk of a data breach. The absence of federal laws forcing organizations to adhere to standards such as the payment card industry data security standard (PCI DSS) leaves it up to the discretion of the SEs to invest in cybersecurity countermeasures toward preventing a data breach. Therefore, this work-in-progress study investigates the role corporate cybersecurity social responsibility plays in motivating these companies to engage in cybersecurity measures toward preventing data breaches.