A PMO-Led Cybersecurity Integration Framework for Enhancing Governance in SMEs

Authors:
Raja Poudel

Addresses:
Department of Computer and Information Sciences, Northumbria University, Newcastle upon Tyne, England, United Kingdom.

Abstract:

Over 99% of EU companies are SMEs, yet resource constraints, a lack of cybersecurity professionals, and a lack of maturity prevent them from implementing adequate cybersecurity precautions. SME PMOs prioritise time, budget, and scope, leaving cybersecurity to IT or ignoring it altogether. This research creates a PMO-led Cybersecurity Integration Framework for SMEs with 10 to 250 staff and modest IT resources, integrating cybersecurity governance into project management. The systematic study of 2019–2025 peer-reviewed papers is grounded in pragmatism and design science, and notable cyberattack case studies are examined. The literature review noted SME resource gaps, a lack of PMO domain integration, late-stage security integration in the Waterfall project development model, clashes between Agile speed and cybersecurity priorities, and corporate frameworks inappropriate for SME cybersecurity. Three recurrent project management difficulties (invisible risk, no security budget, and unclear ownership of security responsibility) were found in the HSE Ireland ransomware attacks (€100M+ damage, four months' recovery) and the MOVEit supply chain hack (2700+ enterprises, 93 million individuals). The framework has twelve components in four functional groups: Waterfall Security Integration (FR-01–FR-05), Agile Security Integration (FR-06), Standing Security Projects (FR-07–FR-08), and PMO Governance. It relies on integration, risk-proportionate governance, forcing functions over optional checkpoints, continuous protection, and methodology-agnostic design. Counterfactual validation reveals that the method would have solved the governance weaknesses that caused the breaches. The research presents theoretical foundations and practical templates for security-unsavvy SMEs.

Keywords: Project Management; Cybersecurity Integration Framework; Waterfall Project Development; Unclear Security; Agile Security Integration; Corporate Frameworks.

Received on: 15/06/2025, Revised on: 18/08/2025, Accepted on: 01/10/2025, Published on: 05/03/2026

DOI: 10.69888/FTSOP.2026.000614

FMDB Transactions on Sustainable Organisational Practices, 2026 Vol. 1 No. 1, Pages: 45–68
