Enhanced National Institute of Standards and Technology Cybersecurity Awareness Framework for Small and Medium Enterprises in Nigeria

Ebiesuwa Seun

Department of Computer Science, School of Computing, Babcock University, Ilishan-Remo, Ogun State, Nigeria.

Okedare Fiyinfolu *

Department of Computer Science, School of Computing, Babcock University, Ilishan-Remo, Ogun State, Nigeria.

*Author to whom correspondence should be addressed.


Abstract

Aims: The study aimed to develop an enhanced cybersecurity awareness framework tailored specifically for Small and Medium-sized Enterprises (SMEs) in Nigeria, addressing their limited resources and unique challenges.

Study Design: A framework development study using secondary data analysis and practical testing on SMEs.

Place and Duration of Study: Conducted in Nigeria, using a dataset from the Small and Medium Enterprises Development Agency of Nigeria (SMEDAN) covering cybersecurity challenges over a five-year period (2021-2025).

Methodology: To prepare the data for analysis, the ETL (Extract, Transform, and Load) approach was employed, involving data cleaning and transformation processes carried out with OpenRefine and Tableau. The identified cybersecurity challenges were systematically analyzed and categorized into three major groups: technical vulnerabilities, human-related risks, and operational gaps. Building on these insights, an enhanced cybersecurity awareness framework was developed by adapting the five core functions of the NIST Cybersecurity Framework: Identify, Protect, Detect, Respond, Recover, and adding a sixth function, Govern with respect to Education. This adaptation simplified the framework into practical, scalable, and cost-effective measures suitable for SMEs with limited resources. The framework was tested under SME network conditions using NS‑3 simulations and practical deployment in ten SMEs. Scenarios included TLS/IPsec sessions, VPNs, encrypted backups, and simulated DoS attacks.

Results: Compliance percentages were derived from structured assessments across the ten SMEs, with results analyzed using risk matrices and performance metrics. Compliance levels ranged from 37.9% to 92.7%. Beyond compliance, quantitative findings showed reduced latency during encrypted sessions, improved throughput under VPN conditions, lower CPU load during cryptographic operations, and faster recovery times following simulated attacks.

Conclusion: The framework proved scalable, cost-effective, and practical for SMEs with limited resources. It highlighted the importance of awareness training and building a strong security culture. Improving cybersecurity awareness and adopting structured practices significantly reduces SME vulnerability to cyber threats. The framework offers a practical roadmap for Nigerian SMEs to enhance cybersecurity, protect sensitive information, and ensure business continuity in the digital economy.

Keywords: Cybersecurity awareness, SMEs, cybersecurity framework, NIST cybersecurity framework, Nigeria, information security


How to Cite

Seun, Ebiesuwa, and Okedare Fiyinfolu. 2026. “Enhanced National Institute of Standards and Technology Cybersecurity Awareness Framework for Small and Medium Enterprises in Nigeria”. Asian Journal of Research in Computer Science 19 (6):106-27. https://doi.org/10.9734/ajrcos/2026/v19i6872.

Downloads

Download data is not yet available.