Organization Cybersecurity System of Small and Medium Enterprise in Bangkok Metropolitan
Main Article Content
Abstract
This study aimed (1) to examine the components related to cybersecurity policy and training, regulatory and government policy, absorptive capacity, the impact of the pandemic, and the cybersecurity systems of small and medium-sized enterprises (SMEs) in Bangkok and (2) to investigate the direct causal influence of cybersecurity policy and training, government oversight and policy effectiveness, absorptive capacity, and the impact of the pandemic on the cybersecurity systems of SMEs in Bangkok. Data were collected from 440 SME entrepreneurs in Bangkok. The statistical methods employed included confirmatory factor analysis (CFA) and structural equation modeling (SEM). The analysis revealed that the structural equation modeling framework demonstrated a good model fit, with Chi-square = 125, df = 89, p-value = 0.001, and RMSEA = 0.022.
The research findings from the CFA confirmed acceptable fit indices for Cybersecurity and Training, Government Regulation and Policy, Absorptive Capacity, Pandemic Impact, and SMEs’ Cybersecurity Systems. The SEM results further revealed that Cybersecurity Policy and Training (β = 0.691), Government Regulation and Policy (β = 0.826), Absorptive Capacity (β = 0.680), and Pandemic Impact (β = 0.140) had significant positive effects on SMEs’ cybersecurity systems.
Article Details
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Copyright: CC BY-NC-ND 4.0
References
Advance Research Group. (2022). Cybersecurity: A business imperative. Bangkok, Thailand: Advance Research Group Publications.
Analysys mason. (2024). Cyber security service. Retrieved from https://www.analysysmason.com/research/
content/articles/cyber-incremental-revenue-rdmz0/
Alrawhani, E. M., Romli, A. B., Al-Sharafi, M. A., & Alkawsi, G. (2025). Integrating Information Security Culture and Protection Motivation to Enhance Compliance with Information Security Policies in Banking: Evidence from PLS-SEM and fsQCA. International Journal of Human–Computer Interaction, 14(19), 1-22.
Al-Somali, S. A., Saqr, R. R., Asiri and Maghrabi (2024), A. M., & Al-Somali, N. A. (2024). Organizational cybersecurity systems and sustainable business performance of small and medium enterprises (SMEs) in Saudi Arabia: The mediating and moderating role of cybersecurity resilience and organizational culture. Sustainability, 16(5), 1880.
Arroyabe, M. F., Arranz, C. F., de Arroyabe, I. F., & de Arroyabe, J. C. F. (2024). The effect of IT security issues on the implementation of industry 4.0 in SMEs: Barriers and challenges. Technological Forecasting and Social Change, 199, 123051.
Arslan, H., & Faisal, A. (2024). Securing SME Digital Frontiers: Designing Cybersecurity Awareness Programs to Minimize Human-Driven Threats. Retrieved from https://www.researchgate.net/publication/386409772
_Securing_SME_Digital_Frontiers_Designing_Cybersecurity_Awareness_Programs_to_Minimize_Human-Driven_Threats
Asiri, A. M., Al-Somali, S. A., & Maghrabi, R. O. (2024). The integration of sustainable technology and big data analytics in Saudi Arabian SMEs: A path to improved business performance. Sustainability, 16(8), 3209.
AustCham Thailand. (2024). Thailand lays out new cybersecurity standards. Retrieved from https://www.austchamthailand.com/thailand-lays-out-new-cybersecurity-standards
Bangkok Post. (2024). SMEs face growing cybersecurity threats. Retrieved from https://www.bangkokpost.com
Ben Salamah, F., Palomino, M. A., Craven, M. J., Papadaki, M., & Furnell, S. (2023). An adaptive cybersecurity training framework for the education of social media users at work. Applied Sciences, 13(17), 9595.
Benjamin, L. B., Adegbola, A. E., Amajuoyi, P., Adegbola, M. D., & Adeusi, K. B. (2024). Digital transformation in SMEs: Identifying cybersecurity risks and developing effective mitigation strategies. Global Journal of Engineering and Technology Advances, 19(2), 134-153.
Bostan Ali, W., Olayinka, J. A., Alam, M. M., & Immelman, A. (2024). Assessing economic implications for micro, small and medium enterprises in Thailand post Covid-19 lockdown. Plos one, 19(2), e0294890.
Brien, E. O., & Hamburg, I. (2014). Supporting Sustainable Strategies for SMEs through Training, Cooperation and Mentoring. Higher education studies, 4(2), 61-69.
Caiazza, R., Phan, P., Lehmann, E., & Etzkowitz, H. (2021). An absorptive capacity-based systems view of Covid-19 in the small business economy. International Entrepreneurship and Management Journal, 17(3), 1419-1439.
Chatsuwan, P., Phromma, T., Surasvadi, N., & Thajchayapong, S. (2023). Personal data protection compliance assessment: A privacy policy scoring approach and empirical evidence from Thailand’s SMEs. Heliyon, 9(10), 1-30.
Cronbach, L. J. (1990). Essentials of psychological testing (5th eds.). London, United Kingdom: Harper & Row.
Cyber DSA. (2025). SMEs cybersecurity outlook in Southeast Asia. Retrieved from https://www.cyberdsa.com
Diamantopoulos, A., & Siguaw, J. A. (2000). Introducing LISREL: A guide for the uninitiated. London, United Kingdom: SAGE Publications.
Digital Policy Alert. (2024). Thailand’s cybersecurity policy updates for SMEs. Retrieved from
https://www.digitalpolicyalert.org
DiMaggio, P. J., & Powell, W. W. (1983). The iron cage revisited: Institutional isomorphism and collective rationality in organizational fields. American Sociological Review, 48(2), 147-160.
Distanont, S., & Diteeyont, W. (2024). The Component Analysis of Blended Training Model for SME. Journal of Business, Innovation and Sustainability (JBIS), 19(1), 187-203.
Hair, J. F., Black, W. C., Babin, B. J., & Anderson, R. E. (2019). Multivariate data analysis (8th eds.). Hampshire, United Kingdom: Cengage Learning.
Hancock, G. R., & Mueller, R. O. (2001). Structural equation modeling: Confirmatory factor analysis and model evaluation (pp. 361-389). In Kazdin, A. E. (Ed.). APA handbook of research methods in psychology. New York, USA.: American Psychological Association.
Leurcharusmee, S., Maneejuk, P., Yamaka, W., Thaiprasert, N., & Tuntichiranon, N. (2022). Survival analysis of Thai micro and small enterprises during the COVID-19 pandemic. Journal of Business Economics and Management, 23(5), 1211-1233.
Liu, C., Liang, H., Wang, N., & Xue, Y. (2022). Ensuring employees’ information security policy compliance by carrot and stick: the moderating roles of organizational commitment and gender. Information Technology & People, 35(2), 802-834.
Kassar, G. (2023). Exploring cybersecurity awareness and resilience of SMEs amid the sudden shift to remote work during the coronavirus pandemic: A pilot study (pp. e107358). In proceeding of the conferences on arpha conference abstracts. Ascencia Business School.
Uthakrit. (2022). A systematic review of organizational readiness guidelines for enhancing cyber security. Information Technology Journal. 9(1), 94-102.
National Innovation Agency (2020). Cloud Computing Adoption in Small and Medium Enterprises (SMEs). National Innovation Agency. Retrieved from https://nia.or.th
Naw, T. D., & Kohsuwan, P. (2023). Roles of Perceived Knowledge, Risk, and Trust in Cybersecurity Solution Implementation: A Study in Bangkok, Thailand. Human Behavior, Development & Society, 24(3), 81-92.
Office of Small and Medium Enterprises Promotion. (2023). SMEs statistics report in Thailand, 2023. Retrieved from https://www.sme.go.th
Oroni, C. Z., & Xianping, F. (2023). Structural evaluation of management capability and the mediation role of cybersecurity awareness towards enterprise performance. Journal of Data, Information and Management, 5(4), 345-361.
Pansuwan, C., & Chitsawang, S. (2023). Guidelines for governance and response to cyber security threats of organizations in the digital age. Rajapark Journal, 17(53), 103-119.
Phrapratanporn, B., Wararatchai, P., Aunyawong, W., & Rashid, N. R. N. A. (2019). Enhancing supply chain performance of SMEs in Thailand using the integrated personnel development model. International Journal of Supply Chain Management, 8(5), 176-186.
Rakthin, S., Chaithanapat, P., Otakanon, B., & Thananusak, T. (2024). Absorptive capacity for market knowledge and knowledge creation outcomes: the case of Thai SMEs. Knowledge Management Research & Practice, 22(4), 327-339.
Rawindaran, N. (2023). Impact of cyber security awareness in small, medium enterprises (SMEs) in Wales (Doctoral dissertation). England: Cardiff Metropolitan University.
Reuters. (2024). Thailand to pursue new policies to boost and protect digital economy. Retrieved from https://www.reuters.com/world/asia-pacific/thailand-pursue-new-policies-boost-protect-digital-economy-2024-11-08
Rodriguez-Baca, L. S., Allagi, S., Larrea-Serquen, R., Cruzado, C. F., Alarcon Diaz, M., Garcia-Hernández, S., & Daza Monteiro, J. (2023). Experimental Study based on the Implementation of a Regulatory Framework for the Improvement of Cyber Resilience in SMEs. International Journal on Recent and Innovation Trends in Computing and Communication, 11(3), 199-205.
RungArun Krasae Sinthu, Wisanupetch Thai, Peeraya Setthaphat, & Klai Rung Krasae Sinthu. (2023). Adaptation of Small and Medium Enterprises (SMEs) Affected by the Outbreak of Coronavirus Disease 2019. Journal of Innovation in Education and Research, 7(1), 260-274.
Schumacker, R. E., & Lomax, R. G. (2016). A beginner’s guide to structural equation modeling (4th eds.). New York, USA.: Routledge.
Sendjaja, T., Rachbini, D. J., Astini, R., & Asih, D. (2024). Beyond Branches: How Fintech and Sustainable Innovation are Reshaping the Banking Landscape in Indonesia. Applied Business and Administration Journal, 3(3), 67-78.
Senivongse, C., Bennet, A., & Mariano, S. (2019). Clarifying absorptive capacity and dynamic capabilities dilemma in high dynamic market IT SMEs. VINE Journal of Information and Knowledge Management Systems, 49(3), 372-396.
Song, J., & Park, M. J. (2024). A system dynamics approach for cost-benefit simulation in designing policies to enhance the cybersecurity resilience of small and medium-sized enterprises. Information Development, 0(0).
Stoneburner, G., Goguen, A., & Feringa, A. (2002). Risk management guide for information technology systems. Nist special publication, 800(30), 800-30.
Taeratanachai, C., & Wiriyakitjar, R. (2025). Cybersecurity Analysis in Thailand: Trends, Challenges, and Policy Insights from Case Studies of SMEs, Mobile Banking, and Port Infrastructure. National Defense Studies Institute Journal, 16(1), 43-61.
Thanrattanavanich, C. (2022). Adaptation of Small and Medium Enterprises (SMEs) Under the Pandemic Situation of the Coronavirus Disease 2019 (COVID -19) in Bangkok Metropolis. Journal of Humanities and Social Sciences, Rajapruk University, 8(3), 296–310.
Thamrongthanakit, T. (2023). Impacts of cybersecurity practices on cyberattack damage and protection among small and medium enterprises in Thailand (Master’s Thesis). Sweden: Stockholem University.
The Asian Business. (2024). Cybersecurity job demand in Thailand to rise 15% over next decade. Retrieved from https://www.theasianbusiness.com
Tornatzky, L. G., & Fleischer, M. (1990). The processes of technological innovation. Lexington, USA: Lexington Books.
Utakrit, N., & Kaewsa-ard, A. (2023). A systematic review of organizational preparedness approaches to enhance cybersecurity. Information Technology Journal KMUTNB, 19(1), 94-102.
