The Global South is not only recognized as one of the fastest-growing regions in terms of Internet population but also as the region that accounts for the majority of Internet users. For instance, it was reported that one region of the Global South, Latin America and the Caribbean (LAC), had the fastest-growing Internet population in the world with 147 million Internet users in 2013, and which continues to grow each year (Organization of American States, 2014). By 2016, the International Telecommunication Union (ITU) reported that Global South economies accounted for the vast majority of Internet users, with 2.5 billion users compared to 1 billion in developed countries (International Telecommunication Union, 2016a). This accelerated and continued growth can be attributed to the momentous increase in mobile subscriptions and robust growth in mobile-broadband penetration (International Telecommunication Union, 2016b, 2018b). While the Internet has enabled the Global South, through the use of Information Communication Technologies (ICTs), to grow their economies, improve livelihoods, share ideas and culture, improve government and social services, collaborate in education, sciences and the arts and to do business (International Telecommunication Union, 2018a; Organization of American States, 2016), it cannot be overlooked that with increasing connectivity to and dependence on Internet-based platforms and services, so too is the increased potential for cybersecurity (CS) threats, attacks and vulnerabilities. Reports in the trade press and the academic literature (albeit minimal) demonstrate these risks or threats and the impact on governments, organizations and citizens. For instance, of the 12 countries that experienced the highest percentage increases in cyberattacks in 2009 compared to 2005, 11 were from the Global South, e.g. Columbia 749%, Indonesia 675% and Zimbabwe 361% (Kim et al., 2012). Further, during a single six-month period, January–June 2016, electronic fraud alone costs the Jamaican economy some $500 million (Williams, 2016); the website of the government of St Vincent and the Grenadines was hacked in 2015 by individuals claiming to be local Islamic State group supporters; also in 2015, a mass ransomware attack on tax authorities blocked users from accessing their systems while demands for money were made; and in 2014 hackers stole US$150 million from Bank of Nova Scotia Jamaica (CARICOM Caribbean Community, 2016). At a meeting in St Lucia, Caribbean countries formally recognized that they are not adequately prepared to counteract cybercrimes and signed off on a regional Cyber Action Plan (Kentish, 2016). According to the regional plan, “preventing and combating cybercrime requires the development of strategies, legislation, criminal justice and ICT (Information and communications technology) expertise, awareness raising, and international cooperation, and involves political, private sector, and civil society leadership at the highest level” (Kentish, 2016). Even though cyber-related incidents associated with the Global South are a critical problem that warrants attention from all levels of government, organizations, individuals and scholars alike, very little research specifically focused on organizations and users in the Global South has been undertaken to further our understanding of this phenomenon. This book contributes to filling this void.

While organizations in the Global South continue to adopt ICTs to deliver services and conduct business, there remains little research about information security, CS and cybercrime issues and strategies contextualized to these developing economies. Moreover, there is even less research about security-related concerns for micro, small and medium enterprises (MSMEs) of the Global South. According to the Organization for Economic Co-operation and Development (OECD), MSMEs play a key role in national economies around the world, generating employment and contributing to innovation (The Organization for Economic Co-operation and Development, 2017). Even more pointedly, MSMEs are known to be essential to the poorest countries in the world; they serve as an important driver of economic growth that accounts for the majority of all businesses (International Monetary Fund, 2015). For instance, in the Caribbean region, the MSME sector accounts for more than 50% of private enterprises and contributes more than 50% to gross domestic product and employment as well as contributing to social development (Caribbean Development Bank, 2016). Likewise, according to researchers, African MSMEs are important to the global economy because their presence and success create “…a growing middle class with disposable income, in tandem with market opportunities for new investors” (de Sousa dos Santos, 2015).

Despite these significant contributions, MSMEs remain largely unsupported and continue to face several major constraints including inadequate access to financial resources for investment and working capital; gaps in training in business skills; high cost of infrastructure services; inadequate physical infrastructure support (for example, warehousing, factory and commercial space, industrial parks, etc.); low levels of technology usage to improve productivity; and lack of competitiveness (Caribbean Development Bank, 2016). In addition to these challenges, MSMEs in the Global South, as well as the Global North, face additional dangers from information and CS threats. Recent CS statistics show that cyberattacks on small businesses increased from 61% to 67% in 2018 over 2017 and that small businesses increasingly face the same CS risks as larger companies (Ponemon Institute, 2018). In another recent industry report, 43% of data breaches in 2018 involved small business victims (Verizon, 2019).

These cited statistics demonstrate that CS threats are just as likely for MSMEs in the Global South as those in the Global North. Arguably, these dangers are more deleterious for the Global South and even more so for Global South MSMEs since they tend to be lean, i.e. they tend to have limited access to trained IT professionals with the capacity to detect, respond to and recover from cyber incidents and limited resources to acquire and implement CS mechanisms. This claim is supported by industry statistics; according to the Ponemon Institute (2018), only 28% of small businesses rate their ability to mitigate threats, vulnerabilities and attacks as highly effective. However, the need for MSMEs in the Global South to be aware of and understand the consequences of CS cannot be understated. Furthermore, how MSMEs in the Global South can improve their cyber and information security posture is not only critical for business success and continuity but also critical for the Global South’s economic development. This book seeks to address these gaps by focusing on CS challenges, potential threats and risks likely faced by MSMEs. This book also seeks to explore and design legislative frameworks and a cybercrime classification scheme appropriate for the Global South economies, among other things. Importantly, this book also explores cyber-related best practices appropriate for Global South MSMEs adoption with the aim for them to improve their cyber and information security posture. Further, this book seeks to sensitize practitioners, public and private institutions about information and CS-related challenges faced by Global South economies generally and Global South MSMEs specifically, so that stakeholders can work collaboratively to create context-specific solutions to address these challenges and improve current practices.

The contributions of this book are organized into three parts: Assessing the Situation, Understanding User Security Compliance Behaviour and Developing Solutions for Managing Cybersecurity Risks.