Cybersecurity Management in Micro, Small, and Medium Enterprises in Colombia

The aim of this research study is the analysis of the cybersecurity management in micro, small and medium enterprises (MSMEs or MIPYMES) in Colombia. To reach this objective, the quantitative approach methodology was used, with a descriptive exploratory scope, in coherence with the research approach. To collect the information, a questionnaire was used, applied to 130 MSMEs companies from 23 states in Colombia. The results of the research study show that a considerable percentage of MSMEs in Colombia is aware of what cybersecurity is, and the main procedures that they carry out, depending on the Information Technology and Communications is about payments. The analysis leads to conclude that, while the enterprises know what cybersecurity is, they do not develop actions to mitigate risks originated from cyberattack threats. This is evident, among several other reasons, because in its great majority, they do not count with a unit in charge of managing cybersecurity, and when they make third party agreements of information services, they do not establish confidentiality agreements. These steps are essential for a safe digital transformation of MSMEs in Colombia.