Article Sidebar

Download
Download Article

Main Article Content

Abstract

This study examines the interrelationship among data privacy practices, cybersecurity readiness, and business continuity planning in enhancing sustainable digitalization within small and medium-sized enterprises (SMEs). This study employs a quantitative descriptive approach using structured survey data collected from 250 SMEs operating in manufacturing, retail, and service sectors in Indonesia. The analysis was conducted using structural equation modeling to assess both direct and mediated relationships among the three digital capabilities and their influence on sustainability outcomes. The results reveal that data privacy practices significantly contribute to improving cybersecurity readiness, and cybersecurity readiness has a positive impact on the development of business continuity plans. Furthermore, business continuity planning mediates the effect of cybersecurity readiness on sustainable performance, which includes operational reliability, digital trust, and environmental responsibility. The findings of this study suggest that secure digital capabilities, when integrated systematically, enhance the long-term viability and resilience of SMEs operating in emerging markets. This research provides empirical evidence supporting a triadic framework linking digital security components with sustainability outcomes in resource-constrained settings.

Keywords

Cybersecurity Data Privacy Business Continuity SME Sustainability Digital Resilience

Article Details

Creative Commons License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

How to Cite
Lusiah, L., & Parulian, E. (2025). Securing Sustainable Digitalization: An Integrative Study on Data Privacy, Cybersecurity, and Business Continuity in SMEs. Golden Ratio of Mapping Idea and Literature Format, 5(2), 72–82. https://doi.org/10.52970/grmilf.v5i2.1475
Download Citation
Endnote/Zotero/Mendeley (RIS)
BibTeX

References

  1. Almeida, F., & da Silva, O. M. (2022). Digital transformation and the challenges faced by SMEs: A review. Journal of Small Business and Enterprise Development, 29(4), 525–545. https://doi.org/10.1108/JSBED-11-2021-0453
  2. Alshaikh, M. (2020). Cybersecurity awareness for small and medium enterprises: A review of the literature. Information & Computer Security, 28(1), 131–145. https://doi.org/10.1108/ICS-03-2019-0034
  3. Alvarenga, A., Zwicker, R., & Maçada, A. (2020). Information-security risk management in small enterprises: A case analysis. Journal of Enterprise Information Management, 33(5), 1001–1018. https://doi.org/10.1108/JEIM-10-2019-0318
  4. Asian Disaster Preparedness Center. (2023). SME business continuity practices in Southeast Asia. ADPC.
  5. Bada, M., & Nurse, J. R. C. (2021). Developing cybersecurity education and awareness programmes for SMEs. Journal of Cybersecurity, 7(1), taab003. https://doi.org/10.1093/cybsec/taab003
  6. Bhamra, R., Dani, S., & Burnard, K. (2021). Organisational resilience: Theoretical foundations and research insights. International Journal of Production Research, 59(18), 5470–5499. https://doi.org/10.1080/00207543.2021.1951653
  7. British Standards Institution. (2023). Cybersecurity guidance for SMEs. BSI Group.
  8. British Standards Institution. (2023). Business continuity management for SMEs. BSI Group.
  9. Cybersecurity and Infrastructure Security Agency. (2023). Cybersecurity awareness toolkit for small businesses. U.S. Department of Homeland Security.
  10. Dahlberg, T., & Nokkala, T. (2022). The COVID-19 pandemic’s impact on SMEs’ cybersecurity. Computers & Security, 116, 102642. https://doi.org/10.1016/j.cose.2022.102642
  11. Doern, R., Williams, N., & Vorley, T. (2019). Entrepreneurship and crises: Business as usual? Entrepreneurship & Regional Development, 31(5-6), 400–412. https://doi.org/10.1080/08985626.2018.1541590
  12. Elliott, D., Swartz, E., & Herbane, B. (2019). Business continuity management: A crisis management approach (2nd ed.). Routledge.
  13. Elkington, J. (1997). Cannibals with forks: The triple bottom line of 21st century business. Capstone.
  14. European Union Agency for Cybersecurity. (2022). Cybersecurity for SMEs: Challenges and recommendations. ENISA.
  15. Fernandez-Aleman, J. L., Seva-Llor, C., Toval, A., & Carrillo-de-Gea, J. M. (2018). Governance models and data protection in SMEs. Health Information Science and Systems, 6(1), 1–9. https://doi.org/10.1007/s13755-018-0054-2
  16. Floridi, L., Mittelstadt, B., Allo, P., Taddeo, M., & Almeida, S. (2018). AI4People—An ethical framework for a good AI society. Minds and Machines, 28, 689–707. https://doi.org/10.1007/s11023-018-9482-5
  17. Guo, S., & Pang, M. (2025). Digital technology adoption and sustainability performance: The role of data security. Journal of Cleaner Production, 442, 141233. https://doi.org/10.1016/j.jclepro.2024.141233
  18. Gupta, A., Kumar, R., Singh, A., & Dhaliwal, M. (2023). SME readiness for cybersecurity in digital ecosystems. Information Systems Management, 40(2), 132–148. https://doi.org/10.1080/10580530.2022.2128965
  19. Herbane, B. (2022). Rethinking organisational resilience and continuity: A dynamic-capabilities approach. Journal of Contingencies and Crisis Management, 30(2), 100–112. https://doi.org/10.1111/1468-5973.12353
  20. IBM Security. (2024). Cost of a data breach report 2024. IBM Corporation.
  21. International Organization for Standardization. (2022a). ISO/IEC 27001:2022 – Information security, cybersecurity and privacy protection. ISO.
  22. International Organization for Standardization. (2022b). ISO/IEC 22301:2022 – Security and resilience – Business continuity management systems – Requirements. ISO.
  23. Jansen, J., & Leukfeldt, R. (2021). Trust and cybercrime victimisation in SMEs. Journal of Business Research, 134, 556–565. https://doi.org/10.1016/j.jbusres.2021.05.046
  24. Karim, N. S. A., Abdullah, S., & Malik, S. (2022). Integrating cybersecurity training into SME digital transformation. Asian Journal of Business and Accounting, 15(1), 123–142. https://doi.org/10.22452/ajba.vol15no1.5
  25. Karwatzki, S., Jahn, K., & Baumgartner, F. (2022). Sustainability reporting and data governance in European SMEs. Sustainability Accounting, Management and Policy Journal, 13(4), 789–813. https://doi.org/10.1108/SAMPJ-07-2021-0242
  26. Karwatzki, S., Sävola, F., Trenz, M., & Veit, D. (2017). Adverse consequences of access to personal information. Information Systems Journal, 27(2), 163–200. https://doi.org/10.1111/isj.12088
  27. Kato, M., & Charoenrat, T. (2023). Disaster-risk resilience in Southeast Asian SMEs: A mixed-methods assessment. Journal of Asian Economics, 85, 101523. https://doi.org/10.1016/j.asieco.2023.101523
  28. Kraemer-Mbula, E., Wunsch-Vincent, S., & Ellis, M. (2022). Leadership cognition and digital risk management in African SMEs. Technological Forecasting and Social Change, 181, 121738. https://doi.org/10.1016/j.techfore.2022.121738
  29. Kraus, S., Jones, P., & Kailer, N. (2024). SME crisis management: A systematic review and future agenda. International Small Business Journal, 42(1), 3–32. https://doi.org/10.1177/02662426231197118
  30. Kumar, N., Saini, H., & Thakur, S. (2022). Ransomware targeting SMEs: Causes and countermeasures. Journal of Information Privacy and Security, 18(3), 177–193. https://doi.org/10.1080/15536548.2022.2087654
  31. Lengnick-Hall, C. A., & Beck, T. E. (2005). Adaptive fit versus robust transformation: How organizations respond to environmental change. Journal of Management, 31(5), 738–757. https://doi.org/10.1177/0149206305279367
  32. Li, Q., Yu, Z., & Chen, L. (2023). Cybersecurity awareness and SMEs’ data-protection strategies: Evidence from China. Information Systems Management, 40(1), 54–67. https://doi.org/10.1080/10580530.2022.2096590
  33. Li, Y., Zhang, X., & Lin, R. (2024). Data governance, analytics capabilities and ESG disclosures: A comparative study of SMEs. Sustainability, 16(3), 1221. https://doi.org/10.3390/su16031221
  34. Mittelstadt, B. (2017). Principles alone cannot guarantee ethical AI. Nature Machine Intelligence, 1, 501–507. https://doi.org/10.1038/s42256-019-0088-8
  35. Mital, M., Pani, A., & Ranjan, J. (2023). Socio-technical alignment for organisational resilience: Evidence from emerging-market SMEs. Information Systems Frontiers, 25, 41–62. https://doi.org/10.1007/s10796-022-10278-3
  36. Mökander, J., & Floridi, L. (2021). Ethics-based auditing to develop trustworthy AI. Minds and Machines, 31(4), 595–610. https://doi.org/10.1007/s11023-021-09551-w
  37. Morales-Sáenz, R., Jiménez, C., & Ortega, J. (2024). Cybersecurity capabilities and sustainable digital innovation: A mediation model. Sustainability, 16(4), 2133. https://doi.org/10.3390/su16042133
  38. MSCI. (2024). MSCI ESG ratings methodology 2024 update. MSCI Inc.
  39. National Institute of Standards and Technology. (2023). Resilience framework for small business. U.S. Department of Commerce.
  40. Organisation for Economic Co-operation and Development. (2023). SME and entrepreneurship outlook 2023. OECD Publishing.
  41. Parker, H., & Ameen, J. (2024). Financial resilience and continuity planning in SMEs. Journal of Financial Management, 48(2), 215–238. https://doi.org/10.1002/fm.2406
  42. Radanliev, P., De Roure, D., Nicolescu, R., & Ani, U. (2020). SME cyber-risk management using integrated models. Risk Analysis, 40(9), 1772–1785. https://doi.org/10.1111/risa.13549
  43. Rangone, A., & Di Fatta, G. (2022). Business-continuity capabilities as strategic resources in digital resilience. International Journal of Information Management, 66, 102516. https://doi.org/10.1016/j.ijinfomgt.2022.102516
  44. Rejeb, A., Keogh, J. G., & Treiblmaier, H. (2023). The impact of cyber threats on SMEs’ operational resilience. Sustainability, 15(4), 3678. https://doi.org/10.3390/su15043678
  45. Reuter, C., Yan, Q., & Holanda, M. (2023). Data privacy and consumer trust in SME digital services. Journal of Business Ethics, 185(3), 521–539. https://doi.org/10.1007/s10551-023-05350-6
  46. Santoso, A., & Wardhana, A. (2024). Regulatory compliance and digital-risk governance in Indonesian SMEs. Asian Journal of Business Ethics, 13(1), 75–94. https://doi.org/10.1007/s13520-023-00147-8
  47. Santos, V., Mendes, M. T., & Santos, A. (2021). Business continuity in Portuguese SMEs: An exploratory study. International Journal of Disaster Risk Reduction, 67, 102671. https://doi.org/10.1016/j.ijdrr.2021.102671
  48. Schinagl, S., Paans, R., & Teuteberg, F. (2023). Cybersecurity–BCM alignment and performance in European SMEs. Information & Management, 60(6), 103808. https://doi.org/10.1016/j.im.2023.103808
  49. Siponen, M., & Oinas-Kukkonen, H. (2007). A review of information-security issues and respective research contributions. The DATA BASE for Advances in Information Systems, 38(1), 60–80. https://doi.org/10.1145/1216218.1216224
  50. Tang, Y., Wu, Z., & Zhang, L. (2021). Risk perceptions of SMEs in cybersecurity. Cybersecurity, 4(1), 12. https://doi.org/10.1186/s42400-021-00077-6
  51. Tavoletti, E., Demartini, P., & Ghiselli, G. (2022). Strategic digital readiness and SMEs: A framework of adoption. Journal of Small Business and Enterprise Development, 29(6), 1054–1074. https://doi.org/10.1108/JSBED-06-2021-0257
  52. Teece, D. J. (2021). Dynamic capabilities and strategic management: Organizing for innovation and growth (2nd ed.). Oxford University Press.
  53. Tikkinen-Piri, C., Rohunen, A., & Markkula, J. (2018). EU GDPR: Enforcement, consequences, and lessons for privacy research. Computer Law & Security Review, 34(1), 134–153. https://doi.org/10.1016/j.clsr.2017.05.002
  54. United Nations Conference on Trade and Development. (2024). World investment report 2024: Investing in sustainable digitalization. UNCTAD.
  55. United Nations Office for Disaster Risk Reduction. (2022). SME guide to business continuity planning. UNDRR.
  56. Verreynne, M.-L., Parker, P., & Wilson, N. (2023). Resilience capabilities in small enterprises: A cluster analysis. Small Business Economics, 60(1), 95–119. https://doi.org/10.1007/s11187-022-00641-0
  57. World Bank. (2023). World development report 2023: Investing in digital resilience. World Bank Publications.
  58. Yuliana, I., & Oktaviani, N. (2023). Legal preparedness for personal data protection in Indonesian SMEs. Jurnal Hukum & Pembangunan, 53(2), 145–160. https://doi.org/10.21143/jhp.vol53.no2.3324
  59. Zhao, M., Xu, G., & Xiong, J. (2023). Cloud-native continuity solutions for SMEs: A comparative study. Journal of Cloud Computing, 12(1), 48. https://doi.org/10.1186/s13677-023-00413-9