Abstract:

The paper is focused on summarizing the results of own surveys in the field of information security in the sector of small and medium-sized enterprises in Slovakia carried out in the years 2008 - 2020. It contains an overview of the analyzed literature, based on which the research model was created, as well as the results of a questionnaire survey in enterprises in Slovakia. The aim of the survey was to map the development of companies' approach to information security. Standard methods of scientific work analysis, synthesis, comparison, and selection were used in the preparation of the paper. A questionnaire survey was used to collect data, which was evaluated using descriptive statistics and cluster analysis. The results showed that, in most cases, the values of the research indicators did not change suddenly but gradually and did not show high variation, as might be expected. The highest increase in the surveyed period was observed in the handling of sensitive information (23%), which can be justified by the GDPR. Other positive values were in the cases of approach to personal data protection (an increase of 14%), problem management (an increase of 13%), and integration of information systems within the organization (an increase of 13%). We expected legislative pressure in the Slovak Republic to be the main driver of increased attention to information security, but here we noted an increase of only 10%. Based on the cluster analysis, an unexpected result was observed for small businesses, industry G - Trade - sales, consulting, services, which were classified into three different clusters. This means that small businesses operating in Slovakia in the same industry approach to information security differently. This created the preconditions for their more detailed examination and the ideas for further research.