Cyber Risk Analysis and Causal Factors Influence the Cybersecurity Readiness Capability for Small and Medium Enterprises in Thailand

This research examines the challenges faced by Small and Medium Enterprises (SMEs) in Thailand concerning cybersecurity, primarily stemming from resource limitations that impair their capacity to effectively mitigate cyber threats. Such constraints often result in heightened vulnerability to cyber attacks, underscoring need for a comprehensive understanding of risk landscape. To achieve this, study employs Fuzzy Analytic Hierarchy Process, engaging fifteen experts to evaluate and prioritize the key categories of cyber risks encountered by SMEs. The analysis reveals that financial risks constitute the most critical concern, followed by operational, regulatory, human-related, and reputational risks. Utilizing Structural Equation Modeling, the study identifies technology readiness as the most influential factor, with organizational processes and human factors also playing significant roles. Additionally, Exploratory Factor Analysis is applied to develop a measurement scale for cybersecurity readiness, pinpointing fifteen indicators classified into three overarching categories. The culmination of this research is the proposal of a comprehensive framework aimed at enhancing cybersecurity preparedness within SMEs. This framework integrates the identified indicators with established standards from the NIST Cybersecurity Framework 2.0 and ISO/IEC 27001:2022, ensuring relevance across organizational levels from leadership to operational staff. Expert evaluations suggest that the framework is both practical and feasible for implementation in real-world SME contexts.