Gap in cybersecurity knowledge in SME management and staff