
Cybersecurity: Risk management framework and investment cost analysis

Author

Listed:
  • Lee, In

Abstract

As organizations accelerate digital transformation with mobile devices, cloud services, social media, and Internet of Things services, cybersecurity has become a key priority in enterprise risk management. While improving cybersecurity leads to higher levels of customer trust and increased revenue opportunities, rapidly evolving data protection and privacy regulations have complicated cybersecurity management. Against the backdrop of rapidly rising cyberbreaches and the emergence of novel cybersecurity technologies such as machine learning and artificial intelligence, this article introduces a cyber risk management framework, discusses a cyber risk assessment process, and illustrates a continuous improvement of cybersecurity performance and cyberinvestment cost analysis with a real-world cybersecurity example.

Suggested Citation

  • Lee, In, 2021. "Cybersecurity: Risk management framework and investment cost analysis," Business Horizons, Elsevier, vol. 64(5), pages 659-671.
  • Handle: RePEc:eee:bushor:v:64:y:2021:i:5:p:659-671
    DOI: 10.1016/j.bushor.2021.02.022

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S0007681321000240
    Download Restriction: Full text for ScienceDirect subscribers only


    References listed on IDEAS

    1. Dang-Pham, Duy & Pittayachawan, Siddhi & Bruno, Vince, 2016. "Impacts of security climate on employees’ sharing of security advice and troubleshooting: Empirical networks," Business Horizons, Elsevier, vol. 59(6), pages 571-584.
    2. Mills, Adam J. & Watson, Richard T. & Pitt, Leyland & Kietzmann, Jan, 2016. "Wearing safe: Physical and informational security in the age of the wearable device," Business Horizons, Elsevier, vol. 59(6), pages 615-622.
    3. Cusack, Brian & Ghazizadeh, Eghbal, 2016. "Evaluating single sign-on security failure in cloud services," Business Horizons, Elsevier, vol. 59(6), pages 605-614.
    4. Abraham, Chon & Chatterjee, Dave & Sims, Ronald R., 2019. "Muddling through cybersecurity: Insights from the U.S. healthcare industry," Business Horizons, Elsevier, vol. 62(4), pages 539-548.
    5. Luca Allodi & Fabio Massacci, 2017. "Security Events and Vulnerability Data for Cybersecurity Risk Estimation," Risk Analysis, John Wiley & Sons, vol. 37(8), pages 1606-1627, August.

    Citations



    Cited by:

    1. Saif Hussein Abdallah Alghazo & Norshima Humaidi & Shereen Noranee, 2023. "Assessing Information Security Competencies of Firm Leaders towards Improving Procedural Information Security Countermeasure: Awareness and Cybersecurity Protective Behavior," Information Management and Business Review, AMH International, vol. 15(1), pages 1-13.
    2. Henock Mulugeta Melaku, 2023. "Context-Based and Adaptive Cybersecurity Risk Management Framework," Risks, MDPI, vol. 11(6), pages 1-22, May.
    3. Agbodoh-Falschau, Kouassi Raymond & Ravaonorohanta, Bako Harinivo, 2023. "Investigating the influence of governance determinants on reporting cybersecurity incidents to police: Evidence from Canadian organizations’ perspectives," Technology in Society, Elsevier, vol. 74(C).
    4. Slapničar, Sergeja & Axelsen, Micheal & Bongiovanni, Ivano & Stockdale, David, 2023. "A pathway model to five lines of accountability in cybersecurity governance," International Journal of Accounting Information Systems, Elsevier, vol. 51(C).
    5. Ben Kejwang, 2022. "Effect of cybersecurity risk management practices on performance of insurance sector: A review of literature," International Journal of Research in Business and Social Science (2147-4478), Center for the Strategic Studies in Business and Finance, vol. 11(6), pages 334-340, September.
    6. Philippe Funk, 2022. "Artificial Intelligence And Cybersecurity Implications For Business Management," Economy & Business Journal, International Scientific Publications, Bulgaria, vol. 16(1), pages 252-261.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. repec:zib:zibaem:v:7:y:2023:i:1:p:25-33 is not listed on IDEAS
    2. Camélia Radu & Nadia Smaili, 2022. "Board Gender Diversity and Corporate Response to Cyber Risk: Evidence from Cybersecurity Related Disclosure," Journal of Business Ethics, Springer, vol. 177(2), pages 351-374, May.
    3. Edward J. Oughton & Daniel Ralph & Raghav Pant & Eireann Leverett & Jennifer Copic & Scott Thacker & Rabia Dada & Simon Ruffle & Michelle Tuveson & Jim W Hall, 2019. "Stochastic Counterfactual Risk Analysis for the Vulnerability Assessment of Cyber‐Physical Attacks on Electricity Distribution Infrastructure Networks," Risk Analysis, John Wiley & Sons, vol. 39(9), pages 2012-2031, September.
    4. Tsan‐Ming Choi & James H. Lambert, 2017. "Advances in Risk Analysis with Big Data," Risk Analysis, John Wiley & Sons, vol. 37(8), pages 1435-1442, August.
    5. Lord Ferguson, Sarah & Smith, Claudia & Kietzmann, Jan, 2022. "Hands-off? Lessons from high-touch professionals about going virtual," Business Horizons, Elsevier, vol. 65(3), pages 303-313.
    6. Benz, Michael & Chatterjee, Dave, 2020. "Calculated risk? A cybersecurity evaluation tool for SMEs," Business Horizons, Elsevier, vol. 63(4), pages 531-540.
    7. David Rios Insua & Aitor Couce‐Vieira & Jose A. Rubio & Wolter Pieters & Katsiaryna Labunets & Daniel G. Rasines, 2021. "An Adversarial Risk Analysis Framework for Cybersecurity," Risk Analysis, John Wiley & Sons, vol. 41(1), pages 16-36, January.
    8. Abraham, Chon & Chatterjee, Dave & Sims, Ronald R., 2019. "Muddling through cybersecurity: Insights from the U.S. healthcare industry," Business Horizons, Elsevier, vol. 62(4), pages 539-548.
    9. Natalie M. Scala & Allison C. Reilly & Paul L. Goethals & Michel Cukier, 2019. "Risk and the Five Hard Problems of Cybersecurity," Risk Analysis, John Wiley & Sons, vol. 39(10), pages 2119-2126, October.
    10. Turlough Guerin, 2022. "Questions that board directors should be asking about emerging governance issues and risk: a practitioner’s view and implications for the extractive industries," Mineral Economics, Springer;Raw Materials Group (RMG);Luleå University of Technology, vol. 35(2), pages 221-237, June.
    11. Alessandro Mazzoccoli, 2023. "Optimal Cyber Security Investment in a Mixed Risk Management Framework: Examining the Role of Cyber Insurance and Expenditure Analysis," Risks, MDPI, vol. 11(9), pages 1-14, August.
    12. Jaehyeon Ju & Daegon Cho & Jae Kyu Lee & Jae‐Hyeon Ahn, 2021. "Can It Clean Up Your Inbox? Evidence from South Korean Anti‐spam Legislation," Production and Operations Management, Production and Operations Management Society, vol. 30(8), pages 2636-2652, August.
    13. Luis Hernández-Álvarez & Juan José Bullón Pérez & Farrah Kristel Batista & Araceli Queiruga-Dios, 2022. "Security Threats and Cryptographic Protocols for Medical Wearables," Mathematics, MDPI, vol. 10(6), pages 1-17, March.
    14. Maltseva, Kateryna, 2020. "Wearables in the workplace: The brave new world of employee engagement," Business Horizons, Elsevier, vol. 63(4), pages 493-505.
    15. Asatiani, Aleksandre & Copeland, Olli & Penttinen, Esko, 2023. "Deciding on the robotic process automation operating model: A checklist for RPA managers," Business Horizons, Elsevier, vol. 66(1), pages 109-121.
    16. Gregory Levitin & Liudong Xing & Hong‐Zhong Huang, 2019. "Security of Separated Data in Cloud Systems with Competing Attack Detection and Data Theft Processes," Risk Analysis, John Wiley & Sons, vol. 39(4), pages 846-858, April.
    17. Facchinetti, Silvia & Osmetti, Silvia Angela & Tarantola, Claudia, 2023. "Network models for cyber attacks evaluation," Socio-Economic Planning Sciences, Elsevier, vol. 87(PB).
