Small and Medium Enterprises (SMEs) in the United Kingdom (UK) have almost universally adopted information and communications technology (lCT). So, they are subject to information security threats. Fortunately, there are readily available information security and identity theft resources offering advice and guidance. However, most resources do not specifically address SMEs. This research reviews the relevant information system (IS), information security and SME ICT characteristics literature. The overall aim is to contribute to the understanding of contemporary information security dynamics. Quantitative and qualitative approaches are used to ascertain the nature ofcontemporary respondent information security issues. This research reveals limited SME-oriented IS and information security literature. Respondent§had limited awareness about their information security risks. They had failed to take the appropriate organisational and technical steps to mitigate their risks. Respondents were found to be at risk from a range ofinformation security threats. The contributions ofthis research are two theories explaining aspects of contemporary information sec~ty dynamics amongst respondents. One theory presents constructs to exploit SME information security weaknesses, whilst the other theory presents SME information security improvement constructs. From the improvement theory and identified information security resources, a more concrete recommendations road map with a hierarchy of implementation levels is developed. The road map was packaged and successfully piloted on an SME.