With the ongoing digitalization, cybersecurity and risk awareness have gained increasing importance in companies. By taking the right cybersecurity measures, networks, programs, devices, and data can be protected through different technological methods and processes. However, there has been observed a missing knowledge and understanding of SMEs in the area of cybersecurity. The topic of this bachelor thesis is cybersecurity and risk awareness for MEs and SMEs. In more detail, the analysis of existing learning scenarios for SMEs to raise risk awareness about cybersecurity is the focal point.

A qualitative research approach provides the framework. Furthermore, an exploratory approach and inductive reasoning are additional methods used within this thesis. For the interview procedure, a semi-structured interview method was adopted. Also, one SME and one large enterprise were chosen for the interview in order to show the contrast of both preparedness levels of cybersecurity. The interviews delivered valuable information for the further analysis and discussion part. The findings from literature and interviews were linked together, and conclusions were drawn out of the overall findings.

The interviews conducted provided further insights and added depth to the study. Regular training using different learning methods has been proven to increase the learning effect and overall understanding of cybersecurity, where employees respond exceptionally well to create learning scenarios. These findings have been implemented in the elaboration of an own learning scenario, which concludes the study of cybersecurity and risk awareness in SMEs. The presented results from theory and the executed interviews show that levels of cybersecurity knowledge and awareness vary greatly among Swiss companies. Studies have proven that smaller companies tend to have lower employee engagement in cybersecurity than larger firms. The reason for this difference, however, remains uncertain and would be a matter of further research that does not fall into the scope of this study.