Architecting Resilience: A Design Thinking Approach to Managed Detection and Response (MDR) Service Frameworks for Small and Medium-Sized Enterprises

Authors

  • Dr. Marelia T. Venshiro School of Cybersecurity & Threat Analytics, National University of Singapore (NUS), Singapore

Keywords:

Managed Detection and Response, SMB Cybersecurity, Design Thinking, Threat Intelligence, Security Operations Center

Abstract

Background: Small and Medium-sized Enterprises (SMBs) increasingly face sophisticated cyber threats previously reserved for large corporations. However, they often lack the financial resources and technical expertise to maintain 24/7 Security Operations Centers (SOCs). Managed Detection and Response (MDR) services offer a potential solution, yet traditional service models are often ill-adapted to the economic and operational realities of SMBs.

Objective: This study aims to design a scalable, profitable, and effective MDR service framework specifically tailored for the SMB market. The research seeks to bridge the gap between high-level enterprise security requirements and the resource constraints of smaller organizations using Design Thinking principles.

Method: Adopting a Design Science Research (DSR) approach, this paper synthesizes literature on cyber situational awareness, Routine Activity Theory, and Industry 4.0 maturity. We utilize a Design Thinking methodology to construct a modular MDR architecture that integrates AI-driven threat detection with human-centric analysis.

Results: The study presents a multi-layered MDR framework. The technological layer leverages hybrid cloud architectures and AI for cost-effective log analysis. The operational layer defines a shared-resource analyst model to reduce overhead. The economic layer proposes a tiered service design that aligns with SMB risk appetites and budgetary limits while ensuring provider profitability.

Conclusion: The proposed framework demonstrates that robust cybersecurity for SMBs is achievable through the intelligent integration of automation and shared-service models. By shifting from volume-based to value-based detection strategies, MDR providers can offer sustainable protection against modern threats.

References

Rajgopal, P. R. (2025). MDR service design: Building profitable 24/7 threat coverage for SMBs. International Journal of Applied Mathematics, 38(2s), 1114-1137.

ALAHMARI, A. & DUNCAN, B. (2020). Cybersecurity risk management in small and Medium-Sized Enterprises: A Systematic Review of Recent Evidence. In Int. Conf. on Cyber Situational Awareness, Data Analytics and Assessment.

BHATTACHARYA, D. (2015). Evolution of cybersecurity issues in small businesses, Technology. In 4th Annual Conference on Research in Information.

CAMBRIDGE DICTIONARY. (2023). Retrieved 7 October 2023, from https://dictionary.cambridge.org/tr/

CHIDUKWANI, A., ZANDER, S., & KOUTSAKIS, P. (2022). A Survey on the Cyber Security of Small-to-Medium Businesses: Challenges, Research Focus and Recommendations. IEEE Access, 10.

Australian Government. (2021, August 3). Protect your business from cyber threats. Business.gov.au.

DEMİR, S., SARIIŞIK, G., & ÖĞÜTLÜ, A. S. (2022). KOBİ lerin Endüstri 4.0 Farkındalık ve Olgunluk Seviyesinin Belirlenmesi. Journal of Business Research - Turk, 14(4).

Bender-Salazar, R. (2023). Design thinking as an effective method for problem-setting and needfinding for entrepreneurial teams addressing wicked problems. Journal of Innovation and Entrepreneurship, 12(1).

Bello, M., & Griffiths, M. (2020). Routine Activity Theory and Cybercrime Investigation in Nigeria: How Capable Are Law Enforcement Agencies? Rethinking Cybercrime.

CESER (2021). C2M2, version 2.0. Department of Energy.

Chris Sylvester (2018). Your Small Business’s Greatest Cybersecurity Threat Comes from Inside. Network Depot.

Cloudian. (n.d.). Splunk Architecture: Components and Best Practices. Cloudian.

CYBERSECURITY. (2023). Retrieved 8 October 2023, from https://business.defense.gov/Work-with-us/Cybersecurity/

Back, S., & LaPrade, J. (2020). Cyber-Situational Crime Prevention and the Breadth of Cybercrimes among Higher Education Institutions. International Journal of Cybersecurity Intelligence & Cybercrime.

Daniel, K., & Andreas, J. (2022). Evaluation of AI-based use cases for enhancing the cyber security defense of small and medium-sized companies (SMEs). Electronic Imaging, 34(3).

Downloads

Published

2025-11-26

How to Cite

Dr. Marelia T. Venshiro. (2025). Architecting Resilience: A Design Thinking Approach to Managed Detection and Response (MDR) Service Frameworks for Small and Medium-Sized Enterprises. European International Journal of Multidisciplinary Research and Management Studies, 5(11), 48–53. Retrieved from https://www.eipublication.com/index.php/eijmrms/article/view/3573

Issue

Vol. 5 No. 11 (2025): Volume V Issue XI

Section

Articles

License

Copyright (c) 2025 Dr. Marelia T. Venshiro

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

Individual articles are published Open Access under the Creative Commons Licence: CC-BY 4.0.