laws5.65.45.254.84.6Fig. 3. Mean sc

laws5.65.45.254.84.6Fig. 3. Mean scores of employee related risks vs organisational role.A Kruskal-Wallis test was performed to establish whetherorganisational roles influenced perceptions of risk. It found10a sta-tistically significant association between the groups across threevariables relating to risks from employees, and in one variable relat-ing to reputational risk. The results are shown in Table 6 and inFigs. 2 and 3.The evidence suggested that IT professionals – such as man-agers, head of departments, directors and technicians – give higherpriority to the perceived threat of reputational damage comparedwith other groups. Typical means ranged from 2 to 2.5 for thosewith IT roles, compared with 3.5–4.8 for those without an IT role.An important difference between those with an IT functionalrole and those with other roles is that the former see securitythreats from former employees and inadequate staff training ashigh-risk areas.The nature of risk perception within and between the voca-tional role and responsibility groups was explored by comparingIT and non-IT professionals. Three subsets were formed, one cov-ering IT professionals and two relating to managing directors andowners/proprietors. The Kruskal–Wallis test showed statisticallysignificant differences between the three groups with respect tofive risk variables-three relating to employee related threats andone each relating to reputation and regulatory threats. The resultsare shown in Table 7.11Table 7 shows that respondents with IT-facing roles viewemployee-related threats as riskier than managers and owners.As noted previously, this may reflect either the imperfect knowl-edge of owners and top managers of the risk and the complexityof technology-led business. Alternatively, it could reflect “specialpleading” on the part of IT professionals.A second difference relates to employee training. The perceivedhigher risk associated with inadequate training reported by IT pro-fessionals may reflect recognition of the complexity of e-businesstechnologies. They may view the ‘failure to deliver’ systems asdamaging to the reputation of the business. Given non-IT profes-sionals lack the knowledge and experience of IT professionals itmay explain the difference in how risk is perceived.The scale of threats relating to legal and regulatory issues alsodiffer between IT professionals and other senior respondents. Pos-sibly because the likelihood of exposure of SMEs to legal andregulatory threats is small, key personnel (i.e., the managers and10For these four risk variables, the test showed probabilities less than the acceptedp value of 0.05.11Further information is provided in Appendix 1.owners) rate the threat as low. However, IT professionals with per-haps a greater understanding of the consequences of, and exposureto, the complexities of running e-business, are less sanguine.The risk rating and mean values of those performing differentfunctional roles are shown in Figs. 2 and 3, respectively.The above analysis only distinguished between IT profession-als and other senior managers/owners. However, in an SME these“roles” are often more fuzzy than in a larger enterprise. This addsan additional dimension of complexity to interpreting the impli-cations of our findings. For example, for an SME to fully benefitfrom e-business some managerial functions may have to be cre-ated, infused or the abolished (Levy & Powell 2005). This may resultin a direct loss of control, by the owner, thereby altering the degreeof trust placed on, and required of, employees. We contend thata higher degree of trust placed upon employees with particularexpertise on e-business will occur. So, although SMEs may have e-business operations which are less technical and complex than inlarger enterprises, arguably trust between employees and the man-agement is especially vital in SMEs (Storey et al., 2010). Our resultssuggest that the nature of the firm’s-specific business environmentmay play an important role in negating how employees’ percep-tions of e-business threats are addressed. As firms grow, complexityincreases and so the knowledge and resources required to deal withthe complexity increases, which in turn, may lead to an increase intrust. This may explain differentially perceived risk threats amongstSMEs of different sizes.Overall, our results partially support Hypothesis 2. The technol-ogy investment decision process utilised by the owner/manager isinfluenced by the knowledge of key staff. However interpreting theimplications for individual SMEs is problematic.5.3. Nature of primary industry on E-business risk perceptionHypothesis 3. Tests whether the SMEs’ primary industry influ-ences how the owner/manager perceives risks associated withe-business. Twenty-four sectors were identified in Appendix 2.There were no clear differences in the rating of e-business threatamongst respondents from the service, manufacturing and retailsectors. Security risks relating to viruses, credit card fraud anddenial of service attacks were rated as the top three threats, whilereputation and technology risks populated the medium risk cate-gory. The lowest risk category was occupied by legal, complianceand employee-related risks. The complete rating of the risks by dif-ferent industries is given in Appendix 2. The Kruskal–Wallis testshowed no statistically significant differences by sector.Our analysis does not support hypothesis H. The primaryindustry of the SME did not influence the risk perception of theowner/managers when making technology investment decisions.6. Discussion and conclusionThis paper, while not conclusive, encourages a broader appre-ciation of the subtleties of risk decisions in dynamic, complex andoften covertly inter-connected context of e-business. It does notclose the debate rather it acts as a starting point for further debate.This study makes four contributions to improving our under-standing of technology risk within SMEs, using a psychometricapproach to examining owner/manager perceptions relating to e-business/on-line risk.Its first contribution is to extend the more technically-focussedstudies of technology usage within SMEs, such as Levy et al. (2005)and Levy and Powell (2003). This paper emphases the importanceof perception of risk in influencing technological investment deci-sions. It found that SMEs view security-related issues as theirgreatest threat, flowed by viruses and worms, and credit card fraud