IDEAS home Printed from https://ideas.repec.org/a/eee/bushor/v64y2021i5p659-671.html

Cybersecurity: Risk management framework and investment cost analysis

Author

Listed:
  • Lee, In

Abstract

As organizations accelerate digital transformation with mobile devices, cloud services, social media, and Internet of Things services, cybersecurity has become a key priority in enterprise risk management. While improving cybersecurity leads to higher levels of customer trust and increased revenue opportunities, rapidly evolving data protection and privacy regulations have complicated cybersecurity management. Against the backdrop of rapidly rising cyberbreaches and the emergence of novel cybersecurity technologies such as machine learning and artificial intelligence, this article introduces a cyber risk management framework, discusses a cyber risk assessment process, and illustrates a continuous improvement of cybersecurity performance and cyberinvestment cost analysis with a real-world cybersecurity example.

Suggested Citation

  • Lee, In, 2021. "Cybersecurity: Risk management framework and investment cost analysis," Business Horizons, Elsevier, vol. 64(5), pages 659-671.
    • Handle: RePEc:eee:bushor:v:64:y:2021:i:5:p:659-671
    DOI: 10.1016/j.bushor.2021.02.022
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S0007681321000240
    Download Restriction: Full text for ScienceDirect subscribers only
    File URL: https://libkey.io/10.1016/j.bushor.2021.02.022?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to

    for a different version of it.

    References listed on IDEAS

    as
    1. Abraham, Chon & Chatterjee, Dave & Sims, Ronald R., 2019. "Muddling through cybersecurity: Insights from the U.S. healthcare industry," Business Horizons, Elsevier, vol. 62(4), pages 539-548.
    2. Dang-Pham, Duy & Pittayachawan, Siddhi & Bruno, Vince, 2016. "Impacts of security climate on employees’ sharing of security advice and troubleshooting: Empirical networks," Business Horizons, Elsevier, vol. 59(6), pages 571-584.
    3. Luca Allodi & Fabio Massacci, 2017. "Security Events and Vulnerability Data for Cybersecurity Risk Estimation," Risk Analysis, John Wiley & Sons, vol. 37(8), pages 1606-1627, August.
    4. Mills, Adam J. & Watson, Richard T. & Pitt, Leyland & Kietzmann, Jan, 2016. "Wearing safe: Physical and informational security in the age of the wearable device," Business Horizons, Elsevier, vol. 59(6), pages 615-622.
    5. Cusack, Brian & Ghazizadeh, Eghbal, 2016. "Evaluating single sign-on security failure in cloud services," Business Horizons, Elsevier, vol. 59(6), pages 605-614.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Türegün, Nida, 2025. "Digital transformation and cybersecurity risks," International Journal of Accounting Information Systems, Elsevier, vol. 56(C).
    2. Godsway Korku Tetteh & Chuks Otioma, 2025. "Cyberattack, cyber risk mitigation capabilities, and firm productivity in Kenya," Small Business Economics, Springer, vol. 64(3), pages 1493-1514, March.
    3. Kaur, Harpreet & Gupta, Mahima & Singh, Surya Prakash, 2024. "Integrated model to optimize supplier selection and investments for cyber resilience in digital supply chains," International Journal of Production Economics, Elsevier, vol. 275(C).
    4. Moussa, Fatima Zahra & Zine-Dine, Khalid, 2025. "The impact of cyber-attacks on cybersecurity investment game model," Chaos, Solitons & Fractals, Elsevier, vol. 200(P2).
    5. Ben Kejwang, 2022. "Effect of cybersecurity risk management practices on performance of insurance sector: A review of literature," International Journal of Research in Business and Social Science (2147-4478), Center for the Strategic Studies in Business and Finance, vol. 11(6), pages 334-340, September.
    6. Catalin Gheorghe & Oana Panazan, 2025. "Quantifying Cybersecurity Impacts on Clean Energy Market Volatility: A Time-Frequency Approach," Mathematics, MDPI, vol. 13(8), pages 1-50, April.
    7. Ardita TODRI & Petraq PAPAJORGJI, 2024. "Artificial Intelligence Waves In Financial Services Industry: An Evolution Factorial Analysis," Regional Science Inquiry, Hellenic Association of Regional Scientists, vol. 0(2), pages 63-75, June.
    8. Saif Hussein Abdallah Alghazo & Norshima Humaidi & Shereen Noranee, 2023. "Assessing Information Security Competencies of Firm Leaders towards Improving Procedural Information Security Countermeasure: Awareness and Cybersecurity Protective Behavior," Information Management and Business Review, AMH International, vol. 15(1), pages 1-13.
    9. Agbodoh-Falschau, Kouassi Raymond & Ravaonorohanta, Bako Harinivo, 2023. "Investigating the influence of governance determinants on reporting cybersecurity incidents to police: Evidence from Canadian organizations’ perspectives," Technology in Society, Elsevier, vol. 74(C).
    10. Slapničar, Sergeja & Axelsen, Micheal & Bongiovanni, Ivano & Stockdale, David, 2023. "A pathway model to five lines of accountability in cybersecurity governance," International Journal of Accounting Information Systems, Elsevier, vol. 51(C).
    11. Zhang, Chen & Li, Rongrong & Wang, Qiang, 2026. "Artificial intelligence and sustainable development: A global nonlinear analysis of the moderating roles of human capital and renewable energy," Renewable and Sustainable Energy Reviews, Elsevier, vol. 228(C).
    12. Dutta, Kishore, 2025. "Dynamic optimization of multi-layered defenses inspired by Chakravyuh," International Journal of Critical Infrastructure Protection, Elsevier, vol. 51(C).
    13. Singh, Kuldeep & Chatterjee, Sheshadri & Mariani, Marcello & Wamba, Samuel Fosso, 2025. "Cybersecurity resilience and innovation ecosystems for sustainable business excellence: Examining the dramatic changes in the macroeconomic business environment," Technovation, Elsevier, vol. 143(C).
    14. Philippe Funk, 2022. "Artificial Intelligence And Cybersecurity Implications For Business Management," Economy & Business Journal, International Scientific Publications, Bulgaria, vol. 16(1), pages 252-261.
    15. Rice, John & Martin, Nigel, 2026. "Managing cybersecurity risks in Small businesses: A simulation-based decision framework," Technological Forecasting and Social Change, Elsevier, vol. 223(C).
    16. Henock Mulugeta Melaku, 2023. "Context-Based and Adaptive Cybersecurity Risk Management Framework," Risks, MDPI, vol. 11(6), pages 1-22, May.
    17. Brho, Mazen & Jazairy, Amer & Glassburner, Aaron V., 2025. "The finance of cybersecurity: Quantitative modeling of investment decisions and net present value," International Journal of Production Economics, Elsevier, vol. 279(C).

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Chotia, Varun & Khoualdi, Kamel & Broccardo, Laura & Yaqub, Muhammad Zafar, 2025. "The role of cyber security and digital transformation in gaining competitive advantage through Strategic Management Accounting," Technology in Society, Elsevier, vol. 81(C).
    2. repec:zib:zibaem:v:7:y:2023:i:1:p:25-33 is not listed on IDEAS
    3. Camélia Radu & Nadia Smaili, 2022. "Board Gender Diversity and Corporate Response to Cyber Risk: Evidence from Cybersecurity Related Disclosure," Journal of Business Ethics, Springer, vol. 177(2), pages 351-374, May.
    4. Edward J. Oughton & Daniel Ralph & Raghav Pant & Eireann Leverett & Jennifer Copic & Scott Thacker & Rabia Dada & Simon Ruffle & Michelle Tuveson & Jim W Hall, 2019. "Stochastic Counterfactual Risk Analysis for the Vulnerability Assessment of Cyber‐Physical Attacks on Electricity Distribution Infrastructure Networks," Risk Analysis, John Wiley & Sons, vol. 39(9), pages 2012-2031, September.
    5. Tsan‐Ming Choi & James H. Lambert, 2017. "Advances in Risk Analysis with Big Data," Risk Analysis, John Wiley & Sons, vol. 37(8), pages 1435-1442, August.
    6. Lord Ferguson, Sarah & Smith, Claudia & Kietzmann, Jan, 2022. "Hands-off? Lessons from high-touch professionals about going virtual," Business Horizons, Elsevier, vol. 65(3), pages 303-313.
    7. Benz, Michael & Chatterjee, Dave, 2020. "Calculated risk? A cybersecurity evaluation tool for SMEs," Business Horizons, Elsevier, vol. 63(4), pages 531-540.
    8. David Rios Insua & Aitor Couce‐Vieira & Jose A. Rubio & Wolter Pieters & Katsiaryna Labunets & Daniel G. Rasines, 2021. "An Adversarial Risk Analysis Framework for Cybersecurity," Risk Analysis, John Wiley & Sons, vol. 41(1), pages 16-36, January.
    9. C. Christopher Lee & Jeong Hoon Choi & Jung Young Lee & Sima Fortsch, 2025. "Impacts of cybersecurity on hospital efficiency and financial performance," Service Business, Springer;Pan-Pacific Business Association, vol. 19(1), pages 1-24, March.
    10. Abraham, Chon & Chatterjee, Dave & Sims, Ronald R., 2019. "Muddling through cybersecurity: Insights from the U.S. healthcare industry," Business Horizons, Elsevier, vol. 62(4), pages 539-548.
    11. Natalie M. Scala & Allison C. Reilly & Paul L. Goethals & Michel Cukier, 2019. "Risk and the Five Hard Problems of Cybersecurity," Risk Analysis, John Wiley & Sons, vol. 39(10), pages 2119-2126, October.
    12. Turlough Guerin, 2022. "Questions that board directors should be asking about emerging governance issues and risk: a practitioner’s view and implications for the extractive industries," Mineral Economics, Springer;Raw Materials Group (RMG);Luleå University of Technology, vol. 35(2), pages 221-237, June.
    13. Sybren Kinderen & Monika Kaczmarek-Heß & Simon Hacks, 2025. "A Multi-level Reference Model and a Dedicated Method for Cyber-Security by Design," Business & Information Systems Engineering: The International Journal of WIRTSCHAFTSINFORMATIK, Springer;Gesellschaft für Informatik e.V. (GI), vol. 67(4), pages 511-530, August.
    14. Alessandro Mazzoccoli, 2023. "Optimal Cyber Security Investment in a Mixed Risk Management Framework: Examining the Role of Cyber Insurance and Expenditure Analysis," Risks, MDPI, vol. 11(9), pages 1-14, August.
    15. Jaehyeon Ju & Daegon Cho & Jae Kyu Lee & Jae‐Hyeon Ahn, 2021. "Can It Clean Up Your Inbox? Evidence from South Korean Anti‐spam Legislation," Production and Operations Management, Production and Operations Management Society, vol. 30(8), pages 2636-2652, August.
    16. Mark W. Hodgins, 2025. "The perils of cybersecurity regulation," The Review of Austrian Economics, Springer;Society for the Development of Austrian Economics, vol. 38(4), pages 391-411, December.
    17. Martina Neri & Federico Niccolini & Francesco Virili, 2026. "Organizational cyber resilience: toward an integrative conceptual framework," Management Review Quarterly, Springer, vol. 76(1), pages 789-840, February.
    18. Kunxiang Dong & Lin Chen & Jie Zhen & Zongxiao Xie, 2025. "Security Investment Decisions for Healthcare Information Security Against Strategic Attacks," Business & Information Systems Engineering: The International Journal of WIRTSCHAFTSINFORMATIK, Springer;Gesellschaft für Informatik e.V. (GI), vol. 67(6), pages 913-937, December.
    19. Luis Hernández-Álvarez & Juan José Bullón Pérez & Farrah Kristel Batista & Araceli Queiruga-Dios, 2022. "Security Threats and Cryptographic Protocols for Medical Wearables," Mathematics, MDPI, vol. 10(6), pages 1-17, March.
    20. Nillasithanukroh, Songkhun & Park, Chul Hyun & Baek, Jaejong & Ahn, Gail-Joon & Richards, Robert, 2025. "Mapping the landscape of cybersecurity preparedness: A systematic review of non-technological determinants and consequences," Technology in Society, Elsevier, vol. 83(C).
    21. Maltseva, Kateryna, 2020. "Wearables in the workplace: The brave new world of employee engagement," Business Horizons, Elsevier, vol. 63(4), pages 493-505.

    More about this item

    Keywords

    ;
    ;
    ;
    ;
    ;
    ;
    ;
    ;
    ;

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:bushor:v:64:y:2021:i:5:p:659-671. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: http://www.elsevier.com/locate/bushor .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.