Cybersecurity Framework: Addressing Resiliency in Welsh SMEs for Digital Transformation and Industry 5.0

Small and medium-sized enterprises (SMEs) continue to face significant cybersecurity challenges due to limited financial resources, technical capacity, and awareness. This study addresses these issues by pursuing four key objectives: (1) conducting a comprehensive assessment of cybersecurity knowledge and awareness within the SME sector through a systematic literature review, (2) evaluating the impact and effectiveness of cybersecurity awareness programs on SME behaviors and risk mitigation, (3) identifying core barriers—financial, technical, and organizational—that hinder effective cybersecurity adoption, and (4) introducing and validating the enhanced ROHAN model in conjunction with the Cyber Guardian Framework (CGF) to offer a scalable roadmap for cybersecurity resilience. Drawing on secondary data from Rawindaran (2023), the research highlights critical deficiencies in SME cybersecurity practices and emphasizes the need for tailored role-specific awareness initiatives. The enhanced ROHAN model addresses this need by delivering customized cybersecurity education based on industry sector, professional role, and educational background. Integrated with the CGF, the framework promotes structured, ongoing improvements across organizational, technological, and human domains. A mixed-methods approach was used, combining quantitative survey data from Welsh SMEs with qualitative interviews involving SME stakeholders. Advanced analytical techniques, including regression testing, Principal Component Analysis (PCA), and data visualization, were employed to uncover key insights and patterns. A distinctive feature of the ROHAN model is its integration of AI-powered tools for real-time risk assessment and decision-making, reflecting the principles of Industry 5.0. By aligning technological innovation with targeted education, this study presents a practical and adaptable cybersecurity framework for SMEs. The findings aim to bridge critical knowledge gaps and provide a foundation for a more resilient, cyber-aware SME sector in Wales and comparable regions.