International Journal of Science Academic Research Vol. 04, Issue 09, pp.6301-6310, September, 2023 Available online at http://www.scienceijsar.com ISSN: 2582‐6425 Research Article A CYBER SECURITY FRAMEWORK TO STRENGTHEN SMALL AND MEDIUM SCALE ENTERPRISES (SMES) IN NIGERIA *Vincent Onuwabhagbe OGBEIDE, Osaremwinda OMOROGIUWA and Emmanuel Eturpa SALAMI Department of Computer Science and Information Technology, Igbinedion University Okada, Edo State, Nigeria Received 25 th July 2023; Accepted 20 th August 2023; Published online 30 th September 2023 Abstract Small and Medium Scale Enterprises (SMEs) in Nigeria are currently experiencing variety of cyber threats which is a big challenge as they are faced with wide range of cyber attacks that impact their businesses negatively. Challenges such as lack of access to finance, modern technology among others has hampered SMEs to perform their role as the engine growth in the economy. Despite the known challenges, most SMEs feels they are safe from cyber attacks than large organizations. However, something can be done for SMEs to at least prevent or mitigate these cyber attacks by addressing and understanding cyber security problems, developing good cyber culture and by creating a more proactive strategy that is suitable to SMEs. Therefore, firstly six known cyber security frameworks are thoroughly analyzed with the identified strengths and weaknesses. Subsequently, we propose a cyber security framework for SMEs in Nigeria that is dynamic, simple and cost effective, which is suitable to SMEs context. Keywords: Small and Medium Scale Enterprises (SMEs), Framework, Cyber Attacks, Cyber Security, Cyber Threats. INTRODUCTION The advancement in technology has created exciting business opportunities for Small and Medium Scale Enterprises (SMEs), this opportunities are marred with new chanellages such as the ability to manage data, and a new source of risks (Calabrese et al., 2019; Jafari-Sadeghi, 2021; Shah et al., 2019). The rapidly evolving use of technology makes life easy and fast but also expose organisations to danger because of the threats from cyber crime. SMEs are faced with the same levels of cyber security issues as large organizations. However, limited resources and capabilities made them fragile against cyber risks (Baggott & Santos, 2020; Benz & Chatterjee, 2020). This inherent gap in cyber security has made SMEs a primary target for cybercriminals with 43% of all attacks in 2019 aimed at SMEs (Verizon, 2020). The web and the Internet globally provide an essential medium for SMEs and offer a lot of opportunities to both SMEs and the large scale industries (Apau et al., 2019). SMEs in Nigeria face more cyber threats with attacks increasing by 89 per cent in 2021, this is according to Kaspersky researchers, which assessed the dynamics of attacks on SMEs between January and April 2022 and the same period in 2021, they warned that these threats pose an increasing danger to entrepreneurs (Adepetun, 2022). The costs and consequences of such attacks on businesses and governments are considerable. Cyber attacks cost organizations over $5 billion in 2017 and are anticipated to cost over $6 trillion in 2021 (Morgan 2021). Most SMEs do not have robust security measures against cyber threats and these makes cyber criminals attracted to them. This is a major reason for majority of SMEs failures (Moura & Serrão, 2018). The capacity of SME to perform their role, as the engine of growth in the economy, is often hampered by challenges such as lack of access to finance, modern technology, and market with unfair competition to imported goods, among others. *Corresponding Author: Vincent Onuwabhagbe OGBEIDE, Department of Computer Science and Information Technology, Igbinedion University Okada, Edo State, Nigeria Despite this, the top management in SMEs tend to think that their company is safe from cyber attacks because attackers are more likely to target larger enterprises (Bisson, 2021; Bullguard, 2020). Due to a lack of IT specialists and resources to implement the cyber security system with technological tools, SMEs face more cyber security-related development obstacles and concerns than larger businesses. Cyber attacks are becoming more common, emphasizing the significance of proper cyber security. Cyber security protects an organization’s IT-related assets, such as data, systems, and networks, from digital attacks that might access, delete, or manipulate sensitive data or disrupt company operations (Kim & Solomon 2016). However, most local businesses lack adequate monitoring and security measures against unauthorised modification, resulting in unauthorised disclosure. Specifically, the owners regularly lack the proper processes to control evolving cyber security risks and information systems security threats that characterize the use of these technologies (Njenga & Jordaan, 2016). Indeed, emerging obstacles such as information security and cyber risks have resulted in widespread financial and nonfinancial losses (Arcuri et al., 2017). Therefore, cyber risk management and preparation is a crucial competencies for not only survival but also the growth of SMEs (Chatterjee, 2019; Hoppe et al., 2021). The need for SMEs to be aware of and understand the consequences of cyber security and how it can be addressed cannot be understated because this awareness and the understanding can potentially “influence the adoption of secure behaviours” (Bada & Sasse 2014). Mijnhardt, et al (2016) inform us that larger organisations have responded by adopting security standards such as ISO 27000x series, COBIT, NIST, and related frameworks but these frameworks are complicated and expensive for SMEs to adopt and implement. Given the above fact, six well known cyber security frameworks were thoroughly analyzed according to their principles and standards. Their basic strengths and weaknesses were also identified. Finally, a cyber security framework that is dynamic, simple and cost effective is proposed for SMEs in Nigeria. The