Until now, a lot of research on cyber security have been tried, but there have been few studies on overall relationships, including internal factors and external factors. Therefore, this study examined cyber security management considering not only internal elements of SMEs but also corporate management environment. The first qualitative analysis and the second quantitative analysis were conducted through mixed method research. Qualitative analysis was conducted through a semi-structured interview method, and three themes were found: insufficient cyber security management system, internal noncooperation for cyber security, and problems derived from decision-making system. In the quantitative analysis, multiple regression analysis was conducted on the data obtained through the questionnaire. The perception of cyber threats and internal support among independent variables positively influenced the cyber security management system or the dependent variable. Through this study, internal variables had a causal impact on the cyber security management system rather than external environment variables. This implies that the variables related to the organizational culture such as employees’ perception are important. These results are expected to provide practical significance for enhancing the cyber security management system in SMEs.