Small and medium sized enterprises are considered an essential part of the EU economy, however, highly vulnerable to cyberattacks. SMEs have specific characteristics which separate them from large companies and influence their adoption of good cybersecurity practices. To mitigate the SMEs cybersecurity adoption issues and raise their awareness of cyber threats, we have designed a self paced security assessment and capability improvement method, CYSEC. CYSEC is a security awareness and training method that utilises self reporting questionnaires to collect companies information about cybersecurity awareness, practices, and vulnerabilities to generate automated recommendations for counselling. However, confidentiality concerns about cybersecurity information have an impact on companies willingness to share their information. Security information sharing decreases the risk of incidents and increases users self efficacy in security awareness programs. This paper presents the results of semi structured interviews with seven chief information security officers of SMEs to evaluate the impact of online consent communication on motivation for information sharing. The results were analysed in respect of the Self Determination Theory. The findings demonstrate that online consent with multiple options for indicating a suitable level of agreement improved motivation for information sharing. This allows many SMEs to participate in security information sharing activities and supports security experts to have a better overview of common vulnerabilities.

中文翻译：

---

中小企业对安全信息共享的保密问题

中小企业被认为是欧盟经济的重要组成部分，然而，它们极易受到网络攻击。中小企业具有将它们与大公司区分开来并影响它们采用良好网络安全实践的特定特征。为了缓解中小企业网络安全采用问题并提高他们对网络威胁的认识，我们设计了一种自定进度的安全评估和能力改进方法，CYSEC。CYSEC 是一种安全意识和培训方法，它利用自我报告问卷收集公司关于网络安全意识、实践和漏洞的信息，以生成自动咨询建议。然而，对网络安全信息的保密问题会影响公司分享其信息的意愿。安全信息共享可降低发生事故的风险并提高用户在安全意识计划中的自我效能。本文介绍了对七位中小企业首席信息安全官的半结构化访谈结果，以评估在线同意沟通对信息共享动机的影响。结果根据自决理论进行了分析。研究结果表明，具有多种选项的在线同意表明合适的同意水平提高了信息共享的动机。这让许多中小企业可以参与安全信息共享活动，并支持安全专家更好地了解常见漏洞。本文介绍了对七位中小企业首席信息安全官的半结构化访谈结果，以评估在线同意沟通对信息共享动机的影响。结果根据自决理论进行了分析。研究结果表明，具有多种选项的在线同意表明合适的同意水平提高了信息共享的动机。这让许多中小企业可以参与安全信息共享活动，并支持安全专家更好地了解常见漏洞。本文介绍了对七位中小企业首席信息安全官的半结构化访谈结果，以评估在线同意沟通对信息共享动机的影响。结果根据自决理论进行了分析。研究结果表明，具有多种选项的在线同意表明合适的同意水平提高了信息共享的动机。这让许多中小企业可以参与安全信息共享活动，并支持安全专家更好地了解常见漏洞。研究结果表明，具有多种选项的在线同意表明合适的同意水平提高了信息共享的动机。这让许多中小企业可以参与安全信息共享活动，并支持安全专家更好地了解常见漏洞。研究结果表明，具有多种选项的在线同意表明合适的同意水平提高了信息共享的动机。这让许多中小企业可以参与安全信息共享活动，并支持安全专家更好地了解常见漏洞。