Date of Award

Spring 2026

Document Type

Dissertation

Degree Name

Doctor of Philosophy (PhD)

Department

Engineering Management & Systems Engineering

Committee Director

Barry Ezell

Committee Member

T. Steven Cotter

Committee Member

C. Ariel Pinto

Abstract

Small-medium businesses (SMBs) play a pivotal role in the worldwide economy as they constitute the most considerable portion of businesses in developed countries like the UK and the US. As such, SMBs are likely targets of cybercrimes by malicious agents because of their vulnerable IT systems. The digital infrastructure of SMBs is more likely to be hit by cyberattacks than large businesses due to many factors that facilitate hackers’ missions. These factors include a limited financial budget devoted to cybersecurity, a lack of knowledge, an underrating of how dangerous cyber threats are, and a shortage of IT expertise. The enormous development of information and communication technology has resulted in the implementation of digital systems that are crucial for maximizing business organizations’ profit and ubiquity. Consequently, the attack surface of business organizations has expanded and has become more vulnerable unless robust security measures are in place.

The increasing sophistication of cyberattacks presents SMBs with an expanding array of security challenges. As these threats grow more complex, the demand for robust and advanced cybersecurity measures has become more critical than ever. A proactive stance is essential to mitigate potential cyber intrusions effectively. Emerging technologies, such as blockchain, artificial intelligence, and the Zero Trust security framework, provide valuable solutions for fortifying the digital resilience of SMBs. Among these, Zero Trust Architecture (ZTA) stands out as a pivotal strategy for safeguarding SMBs. Although the implementation of ZTA has been explored across various business contexts, limited attention has been given to addressing the unique financial, human resource, and capability constraints faced by SMBs. Considering the essential role of SMBs in the global economy, this research seeks to fill this gap by providing insights that can aid researchers and practitioners in advancing the cybersecurity posture of SMBs through the adoption of ZTA.

This research adds to the current body of knowledge by providing an integrated prediction model that enables not only quantification of the likelihood of successful implementation of ZTA, considering the organizational and financial burdens it may create and the implied complexities SMBs experience in managing cyber risks, but also reveals the extent to which ZTA tools could reduce overall cyber risk. The first sub-model strives to assess the likelihood of successful implementation of ZTA pillars and associated security measures given organizational and financial barriers, while the other sub-model provides a risk assessment for cyberattacks selected in terms of the two risk components – frequency and severity. The proposed model will leverage Bayesian Network modeling to create the causal relationship between variables and quantify inherent uncertainties.

Rights

In Copyright. URI: http://rightsstatements.org/vocab/InC/1.0/ This Item is protected by copyright and/or related rights. You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s).

DOI

https://doi.org/10.25777/yxbs-j198

ISBN

9798197810090

Share

COinS