Date of Award

Spring 4-2025

Document Type

Dissertation

Degree Name

Doctor of Philosophy in Cyber Defense (PhDCD)

First Advisor

Varghese Vaidyan

Second Advisor

Yong Wang

Third Advisor

Gurcan Comert

Abstract

As cloud computing becomes integral to business operations, security compliance is crucial for the success and sustainability of Small and Medium-Sized Enterprises (SMEs). While cloud adoption offers cost efficiency, scalability, and operational flexibility, it also introduces regulatory and security challenges. Unlike large enterprises with dedicated compliance teams and substantial budgets, SMEs often lack the financial resources and expertise to implement security frameworks effectively. Compliance with industry standards such as ISO 27001, SOC 2, NIST 800-171, and PCI DSS is particularly difficult, yet non-compliance can result in severe financial penalties, reputational damage, operational disruptions, and heightened cyber risks. Despite growing regulatory requirements, many SMEs perceive compliance as an expense rather than a strategic investment. This perception leads to reactive approaches, where security issues are addressed only after they arise, increasing risk exposure and placing SMEs at a disadvantage in industries where compliance, data privacy, and cybersecurity transparency influence customer trust and business partnerships. Given these challenges, there is a need to examine how security compliance efforts impact SME business performance, not only in terms of risk reduction but also in financial stability and operational resilience.

Existing research primarily focuses on the technical and regulatory aspects of security compliance, yet there is a gap in understanding its influence on SME business outcomes such as financial sustainability, customer trust, and operational resilience. While some studies explore barriers to compliance, few empirically examine the correlation between security compliance efforts and key business performance indicators in cloud-based SME environments. This study addresses that gap by employing a quantitative research method to analyze the relationship between security compliance strategies and SME business success.

A structured survey was conducted among SME leaders, IT security managers, and compliance officers to collect data on compliance challenges, risk management efforts, security investments, and industry best practices. The study evaluates which compliance measures contribute most to SME competitiveness, cost efficiency, and scalability. Key areas of focus include regulatory compliance reviews, structured risk assessments, employee security training, incident response preparedness, and vendor risk management.

Findings reveal that security compliance is not merely a regulatory obligation but a strategic enabler of business success. SMEs that invest in proactive compliance experience cost savings, stronger customer confidence, and improved scalability in cloud environments. Regular compliance audits and structured risk assessments are identified as strong predictors of business stability, while security training programs directly enhance incident response efficiency, reducing downtime and financial losses from security breaches.

From a theoretical perspective, this study demonstrates how regulatory preparedness and compliance-driven security strategies influence SME business performance. Empirical evidence reinforces the understanding that compliance initiatives not only strengthen risk mitigation efforts but also contribute to financial performance and market competitiveness.

Beyond academic contributions, this study provides practical insights for SMEs, policymakers, and industry regulators. It highlights the need for SME-friendly security compliance frameworks that balance regulatory requirements with cost-effective implementation. Regulatory bodies can leverage these findings to develop tailored compliance guidelines, while SME leaders can use them to prioritize compliance investments that enhance both security resilience and business sustainability. Ultimately, this study reinforces that security compliance is not a barrier to SME growth but a driver of trust, operational efficiency, and long-term success. By shifting the perception of compliance from a financial burden to a business enabler, SMEs can fully leverage cloud-based infrastructures while safeguarding sensitive data, reducing cybersecurity risks, and achieving greater financial stability.
