Information security incidents are most commonly caused by user behaviour, placing the user in focus. In order to mitigate information security threats and thereby protect the organisation, more and more are adopting a socio-technical viewpoint, which implies adopting the belief that information security cannot be solved with technology alone. A common way to address the user is by adopting awareness-raising activities. All types of organisations struggle to raise awareness. Several studies have pointed out small and medium-sized enterprises (SMEs) as being extra vulnerable and, in addition, having more issues adopting awareness-raising activities. There are few studies investigating factors influencing the adoption of awareness-raising activities in general, and the body of literature is even more scarce when focusing on the factors from an SME perspective. This study targets the gap by investigating what factors influence the adoption of awareness-raising activities in SMEs. We did this by conducting a semi-structured interview study in 10 organisations. Five factors with a total of seven sub-factors were found: Resources (with the sub-factors time and cost), implementation, content (with the sub-factors quality, adaptability, and comprehensibility), compliance, management (with the sub-factors management support and motivation of the employees).