Next Article in Journal
Teaching Data Science with Literate Programming Tools
Previous Article in Journal
Digital Health Information Systems in the Member States of the Commonwealth of Independent States: Status and Prospects
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Digital
Volume 3
Issue 3
10.3390/digital3030014
Review Report
digital-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
Article
Peer-Review Record

Enhancing Cyber Security Governance and Policy for SMEs in Industry 5.0: A Comparative Study between Saudi Arabia and the United Kingdom

Digital 2023, 3(3), 200-231; https://doi.org/10.3390/digital3030014
by Nisha Rawindaran 1, Liqaa Nawaf 1,*, Suaad Alarifi 2, Daniyal Alghazzawi 2, Fiona Carroll 1, Iyad Katib 2 and Chaminda Hewage 1
Reviewer 1:
Dawid Szurgacz
Reviewer 2:
Sergey Bushuyev
Reviewer 3:
Hoon Ko
Digital 2023, 3(3), 200-231; https://doi.org/10.3390/digital3030014
Submission received: 13 June 2023 / Revised: 19 July 2023 / Accepted: 31 July 2023 / Published: 14 August 2023

Round 1

Reviewer 1 Report

The paper called  SME Resistance to Cyber Security in Industry 5.0 by Nisha Rawindaran, Liqaa Nawaf , Suaad Alarifi, Daniyal Alghazzawi, Fiona Carroll, Iyad Katib and Chaminda Hewage. The publication is an overview of the issue of industry 5.0. In my opinion, the publication is too long, it could be shortened by half.Very good publication, the research problems were very well presented. The main idea is clearly explained and I’m really impressed by the variety of research methods.

There are some major aspects I would like to highlight:

1)     The title of the publication needed to be redrafted, is too short

2)     It would be advisable to write an introduction corresponding to the content of the publication.

3)     Please present the purpose and scope of the work and include it in the introduction.

4)     The abstract should be written in accordance with MDPI standards.

5)     What is the future direction of this research?

6)     Publication describes a technical solution, too little scientific description.

7)     The authors could add a paragraph with a brief description of the extent to which the presented research and results contribute to science.

The presented conclusions may be of fundamental importance, therefore they should be presented in a better light and the author(s) should emphasize the original research contribution. I believe, that suggested amendments will significantly increase the relevance of the publication and will improve it. After applying all required changes, the paper is suitable for publication.

Author Response

Reviewer 1:

Comments and Suggestions for Authors

The paper called  SME Resistance to Cyber Security in Industry 5.0 by Nisha Rawindaran, Liqaa Nawaf , Suaad Alarifi, Daniyal Alghazzawi, Fiona Carroll, Iyad Katib and Chaminda Hewage. The publication is an overview of the issue of industry 5.0. In my opinion, the publication is too long, it could be shortened by half.Very good publication, the research problems were very well presented. The main idea is clearly explained and I’m really impressed by the variety of research methods.

There are some major aspects I would like to highlight:

  • The title of the publication needed to be redrafted, is too short

This is now changed to : Enhancing Cyber Security Governance and Policy for SMEs in Industry 5.0: A Comparative Study between Saudi Arabia and the United Kingdom

  • It would be advisable to write an introduction corresponding to the content of the publication.

This is now changed to reflect the content.

  • Please present the purpose and scope of the work and include it in the introduction.

This is now all changed to include scope of work and purpose.

4)     The abstract should be written in accordance with MDPI standards.

This is now all in MDPI standards

  • What is the future direction of this research?

This is now included in the conclusion and future works section of the paper.

6)     Publication describes a technical solution, too little scientific description.

This I have attempted to change, hope it suits your focus on the description throughout the paper to how it reads.

7)     The authors could add a paragraph with a brief description of the extent to which the presented research and results contribute to science.

The presented conclusions may be of fundamental importance, therefore they should be presented in a better light and the author(s) should emphasize the original research contribution. I believe, that suggested amendments will significantly increase the relevance of the publication and will improve it. After applying all required changes, the paper is suitable for publication.

This is now added to reflect the conclusion of the paper.

Reviewer 2 Report

The advent of Industry 5.0 has ushered in groundbreaking technological advancements, enabling the integration of physical systems with digital networks. However, these technological strides have also brought a surge in cyber threats, posing significant risks to organizations, especially small and medium-sized enterprises (SMEs). This study investigates the resilience of SMEs in Saudi Arabia and the United Kingdom, within the context of Industry 5.0, regarding their adoption of cyber security measures, with a specific emphasis on governance and policy. The research explores the cultural and economic factors that contribute to SMEs' resistance to cyber security, including insufficient awareness and understanding of cyber risks, limited financial resources, and conflicting business priorities. Additionally, it examines the role of government policies and regulations in promoting cyber security practices among SMEs, comparing the approaches employed by the Saudi Arabian and UK governments. By employing a mixed methods analysis involving interviews with SME owners and experts, the study sheds light on the challenges and opportunities for enhancing cyber security governance and policy in both countries. The findings indicate that while there are similarities in the challenges faced by SMEs in Saudi Arabia and the UK, their cultural and economic contexts differ significantly, necessitating customized solutions. This research scrutinizes the cyber security awareness among SMEs in Saudi Arabia, specifically focusing on the extent of their security measures, their awareness of and adherence to the best practices outlined in the Essential Cyber Security Controls (ECC-1:2018), and questioning their security mindset.

Proposals for improvements:

1. To understand the relationships, the system model of the research hypotheses must be presented in the form of a graph indicating the relationships.

2. It is advisable to expand the study by analyzing the behaviour of SMEs in Brittle, Anxious, Nonlinear, and Incomprehensible (BANI) environments.

 

Author Response

Reviewer 2:

Comments and Suggestions for Authors

The advent of Industry 5.0 has ushered in groundbreaking technological advancements, enabling the integration of physical systems with digital networks. However, these technological strides have also brought a surge in cyber threats, posing significant risks to organizations, especially small and medium-sized enterprises (SMEs). This study investigates the resilience of SMEs in Saudi Arabia and the United Kingdom, within the context of Industry 5.0, regarding their adoption of cyber security measures, with a specific emphasis on governance and policy. The research explores the cultural and economic factors that contribute to SMEs' resistance to cyber security, including insufficient awareness and understanding of cyber risks, limited financial resources, and conflicting business priorities. Additionally, it examines the role of government policies and regulations in promoting cyber security practices among SMEs, comparing the approaches employed by the Saudi Arabian and UK governments. By employing a mixed methods analysis involving interviews with SME owners and experts, the study sheds light on the challenges and opportunities for enhancing cyber security governance and policy in both countries. The findings indicate that while there are similarities in the challenges faced by SMEs in Saudi Arabia and the UK, their cultural and economic contexts differ significantly, necessitating customized solutions. This research scrutinizes the cyber security awareness among SMEs in Saudi Arabia, specifically focusing on the extent of their security measures, their awareness of and adherence to the best practices outlined in the Essential Cyber Security Controls (ECC-1:2018), and questioning their security mindset.

Proposals for improvements:

  1. To understand the relationships, the system model of the research hypotheses must be presented in the form of a graph indicating the relationships.

The hypotheses is now in section 6.1 and model is now in section 8, with figure 20 added

  1. It is advisable to expand the study by analysing the behaviour of SMEs in Brittle, Anxious, Nonlinear, and Incomprehensible (BANI) environments.

Added in Section 3 and Section 8

Reviewer 3 Report

This is to work SME resistance to cyber security in industry 5.0. It looks interested in, however, because of next reasons, I decided major revision to this manuscript.

-      What is exactly industry 5.0? And what differences are between industry 4.0 and 5.0?

-      I think it is just a surveyed manuscript. Are there any academic issues in this manuscript?

-      In Section 2.2, the authors investigated it in Saudi Arabia Government. Next selection is UK. Any reason why the authors select this country?

-      Section 6 is the methodology and experiment, but no experiment in this section. Without the description for the experiment, we met the section 7. Results.

 

-      There are many issues in this manuscript, but looks no connection to academic, novelty and innovation. It is just a report not academic paper. I think, any excuse to this comment?

- if the authors don't add up following comments, this manuscript can't get acceptance.

This is to work SME resistance to cyber security in industry 5.0. It looks interested in, however, because of next reasons, I decided major revision to this manuscript.

-      What is exactly industry 5.0? And what differences are between industry 4.0 and 5.0?

-      I think it is just a surveyed manuscript. Are there any academic issues in this manuscript?

-      In Section 2.2, the authors investigated it in Saudi Arabia Government. Next selection is UK. Any reason why the authors select this country?

-      Section 6 is the methodology and experiment, but no experiment in this section. Without the description for the experiment, we met the section 7. Results.

 

-      There are many issues in this manuscript, but looks no connection to academic, novelty and innovation. It is just a report not academic paper. I think, any excuse to this comment?

- if the authors don't add up following comments, this manuscript can't get acceptance.

Author Response

Reviewer 3:

Comments and Suggestions for Authors

This is to work SME resistance to cyber security in industry 5.0. It looks interested in, however, because of next reasons, I decided major revision to this manuscript.

-      What is exactly industry 5.0? And what differences are between industry 4.0 and 5.0?

            This has now been explained in section 2.1

-      I think it is just a surveyed manuscript. Are there any academic issues in this manuscript?

This manuscript now has a framework, to follow.

-      In Section 2.2, the authors investigated it in Saudi Arabia Government. Next selection is UK. Any reason why the authors select this country?

This is a funded project between governments in cyber security

-      Section 6 is the methodology and experiment, but no experiment in this section. Without the description for the experiment, we met the section 7. Results.

This is now rewritten

 -      There are many issues in this manuscript, but looks no connection to academic, novelty and innovation. It is just a report not academic paper. I think, any excuse to this comment?

This is now added in section 8.2

- if the authors don't add up following comments, this manuscript can't get acceptance.

 

 

Round 2

Reviewer 1 Report

I am familiar with the changes made.

I accept the current version of the publication.

Accept in present form

Reviewer 3 Report

I am so pleased to my acceptance for this paper. I am sure the revised manuscript had updated following the first-round comments, and all of them are clean what this paper is insisting.

Back to TopTop