The Effects of Cybercrime on Performance of Small and Medium Enterprises (SMEs) in Nairobi County, Kenya

Abstract

Small and Medium Enterprises (SMEs) are the backbone of Kenya's economy. However, due to their nature of business operations SMEs typically lower their costs on information technology to the extent that they outsource any digital services, occasionally encourage employees to use Bring Your Device (BYOD) and depend on cloud services at work as a strategy to save finances on technology devices. This makes the SMEs susceptible to cyber-crime. The purpose of this study was to investigate the influence of cybercrime on the operational performance of Nairobi-based SMEs. The specific objectives included determining the impact of data breaches, identity theft, phishing, and malware attacks on the performance of SMEs. The study used a cross-sectional descriptive research approach, focusing on SME owners in Nairobi County's Kamukunji constituency. The study used a simple random sampling approach to choose 358 SMEs in the Kamukunji constituency as its sample population. Data was collected via questionnaires, a key informant interview guide, and secondary sources, and it included both quantitative and qualitative features. Quantitative data was evaluated and displayed in tables and figures using descriptive and inferential statistics. Meanwhile, qualitative data gathered through interviews and open-ended questions was analyzed and presented in narrative form. Cronbach's Alpha dependability was used to determine the instruments' reliability. The study's findings revealed that cybercrime has a negative influence on the performance of SMEs. Specifically, the findings indicate that data breaches had a significant impact on consumer behavior, which in turn affected the success of SMEs. The study also revealed that data breaches occurred due to the easy access of SME information on social media platforms. This had resulted in more businesses being vigilant of the customers making electronic payments. Further, the findings revealed that phishing and malware attacks were a problem faced by SMEs who had not invested in establishing effective cyber security strategies. In this regard, the study recommends that SMEs should work hand in hand with ICT specialists/experts to ensure that their business information is secure and protected. This provides a good working environment since the focus of the SMEs will be in generating income, hence improving performance.