V. Business, 2018 Data breach investigations report, Trends, pp.1-62, 2018.

D. Veiga, A. Eloff, and J. H. , A framework and assessment instrument for information security culture, Comput. Secur, vol.29, issue.2, pp.196-207, 2010.

S. Dojkovski, S. Lichtenstein, and W. M. , Institutionalising information security culture in Australian SMEs : Framework and key issues, International Symposium on Human Aspects of Information Security & Assurance, pp.10-24, 2007.

A. Tolah, S. M. Furnell, and P. M. , A Comprehensive Framework for Cultivating and Assessing Information Security Culture, The Eleventh International Symposium on Human Aspects of Information Security & Assurance (HAISA, pp.52-64, 2017.

J. Van-niekerk, V. Solms, and R. , Understanding Information Security Culture: A Conceptual Framework, Proc. ISSA, pp.1-10, 2006.

M. Alnatheer and K. Nelson, Proposed Framework for Understanding Information Security Culture and Practices in the Saudi Context.," 7th Aust, Inf. Secur. Manag. Conf, 2009.

J. Y. Thong and C. S. Yap, Information technology adoption by small business: An empirical study, pp.160-175, 1996.

T. Schlienger and S. Teufel, Information security culture -from analysis to change, South African Comput. J, vol.31, pp.46-52, 2003.

P. Institute and L. , 2017 State of Cybersecurity in Small & Medium-Sized Businesses ( SMB ) Sponsored by Keeper Security, 2017.

D. Straub, K. Loch, R. Evaristo, E. Karahanna, and M. Srite, Toward a Theory-Based Measurement of Culture, J. Glob. Inf. Manag, vol.10, issue.1, pp.13-23, 2002.

M. Karjalainen, M. T. Siponen, P. Petri, and S. S. , One size does not fit all: Different cultures require different information systems security interventions, IFIP 8.11/11.13 Dewald Roode Information Security Research Workshop, 2013.

M. E. Whitman and H. J. Mattord, Principles of Information Security. Fourth Edition, p.617, 2012.

K. D. Mitnick and W. L. Simon, The art of deception: Controlling the human element of security, 2011.

T. Herath and H. R. Rao, Encouraging information security behaviors in organizations : Role of penalties , pressures and perceived effectiveness, Decis. Support Syst, vol.47, issue.2, pp.154-165, 2009.

K. Thomson, V. Solms, R. , and L. L. , Cultivating an organizational information security culture, Comput. Fraud Secur, vol.2006, issue.10, pp.7-11, 2006.

E. H. Schein, Coming to a New Awareness of Organizational Culture, Sloan Manage. Rev, vol.2, pp.3-16, 1984.

G. Hofstede, Cultural dimensions in management and planning, Asia Pacific J. Manag, vol.1, issue.2, pp.81-99, 1984.

E. H. Schein, Organizational Culture and Leadership, 2004.

A. Alhogail, Information Security Culture : A Definition and A Literature Review, 2014.

N. Martins, D. Veiga, and A. , Information Security Culture : A Comparative Analysis of Four Assessments, Eur. Conf. Inf. Manag. Eval, pp.49-58, 2014.

K. J. Knapp, T. E. Marshall, R. Kelly-rainer, N. Ford, F. Rainer et al., Information security: management's effect on culture and policy, Inf. Manag. Comput. Secur, vol.14, issue.1, pp.24-36, 2006.

H. Kinnunen and M. Siponen, Developing Organization-Specific Information Security Policies, PACIS 2018, pp.1-13, 2018.

Y. A. Chen, K. R. Ramamurthy, and W. K. , Impacts of comprehensive information security programs on information security culture, J. Comput. Inf. Syst, vol.55, issue.3, p.11, 2015.

M. T. Siponen, Five Dimensions of Information Security Awareness, Comput. Soc, pp.24-29, 2001.

T. Schlienger and S. Teufel, Analyzing information security culture: Increased trust by an appropriate information security culture, Proc. -Int. Work, pp.405-409, 2003.

. Enisa, European Union Agency For Network And Information Security, 2015.

J. C. Sipior and B. T. Ward, A Framework for Information Security Management Based on Guiding Standards : A United States Perspective, Issues Informing Sci. Inf. Technol, vol.5, pp.51-60, 2008.

V. Solms and B. , Information Security -The Third Wave ?, Comput. Secur, vol.19, pp.615-620, 2000.

M. Siponen and T. Opinion, Information security standards focus on the existence of process, not its content, Commun. ACM, vol.49, issue.8, p.97, 2006.

, Small and Medium Enterprise Development Policy, J. SMEs policies, vol.II, pp.12-20, 2003.

, National Baseline Survey Report for Micro, Small and Medium Enterprises in Tanzania, Ministry of Trade and Financial Sector Deepening Trust, vol.53, 2012.

M. Meckel, D. Walters, and P. Baugh, Mixed-mode surveys using mail and web questionnaires, Electron. J. Bus. Res. Methods, vol.3, issue.1, pp.69-80, 2005.

W. Fan and Z. Yan, Factors affecting response rates of the web survey: A systematic review, Comput. Human Behav, vol.26, issue.2, pp.132-139, 2010.

G. W. Heiman, Basic statistics for the behavioral sciences. Cengage Learning, 2013.

G. Bougaardt and M. Kyobe, Investigating the factors inhibiting SMEs from recognizing and measuring losses from cyber crime in South Africa, Electron. J. Inf. Syst. Eval, vol.14, issue.2, pp.167-178, 2011.

M. Ghobakhloo, T. S. Hong, M. S. Sabouri, and Z. N. , Strategies for successful information technology adoption in small and medium-sized enterprises, Information, vol.3, issue.1, pp.36-67, 2012.

D. Chen and H. Zhao, Data Security and Privacy Protection Issues in Cloud Computing, Int. Conf. Comput. Sci. Electron. Eng, pp.647-651, 2012.