Search Results (3)

The digital business environment is rapidly evolving with advancements in information technology (IT), increasing the risk of information security incidents. Grounded in the resource-based view and in contingency theory, this study adopts a different approach from prior research by conceptualizing security management activities not as mere risk control mechanisms, but as strategic innovation drivers that can enhance corporate performance (sales revenue and operating profit). The authors develop a research model with six independent variables, including internal and external security management activities, CISO role configuration (independent or dual-role with CIO), and investment levels in IT and information security. The dependent variables include sales revenue and operating profit, with ISMS or ISO certification as a moderating variable. Using information security (IS) disclosures and financial data from 545 Korean firms that have reported their security management activities to the Ministry of Science and ICT, multiple regression and moderation analyses reveal that high IT investment negatively impacts performance, but this effect is mitigated when formal security systems, like ISMS or ISO, are in place. The results suggest that integrating recognized security frameworks into management strategies can enhance both innovation and financial outcomes, encouraging a proactive approach to security management. Full article

This study aims to describe and assess the impact of critical infrastructure (CI) cybersecurity issues on the sustainable development of smart cities. This study highlights the integration of PayTech systems into the broader CI landscape, highlighting their impact on maintaining economic stability and ensuring the smooth operation of city services. Key companies within smart regions, particularly those operating in the payment industries, are essential to maintaining the functionality of critical services. These companies facilitate the processing of services provided to citizens, enabling access to vital municipal services. As key players in the PayTech and online e-commerce sectors, they form a crucial part of modern critical infrastructure, operating within an ever-evolving digital environment. This study examines the recovery processes employed after cyberattacks, focusing on the differing perspectives of internal and external professionals. It identifies significant differences in the perceptions of recovery strategies among internal stakeholders, such as investor relations (IR) teams, reputation management (RM) experts, and Chief Information Security Officers (CISOs), who represent critical infrastructure companies. Additionally, it explores the roles of external auditors, who provide impartial emergency support and perform specialized recovery tasks. Importantly, this study underscores the current attitudes toward future information security strategies and their influence on the financial recovery and reputation of reliable companies following cyber incidents. This research contributes to the existing knowledge by shedding light on the perspectives of both a company’s internal and external specialists involved in the recovery process and cyber resilience strategies in critical infrastructure sectors. Full article

Background: Cyber security has turned out to be one of the main challenges of recent years. As the variety of system and application vulnerabilities has increased dramatically in recent years, cyber attackers have managed to penetrate the networks and infrastructures of larger numbers of companies, thus increasing the latter’s exposure to cyber threats. To mitigate this exposure, it is crucial for CISOs to have sufficient training and skills to help them identify how well security controls are managed and whether these controls offer the company sufficient protection against cyber threats, as expected. However, recent literature shows a lack of clarity regarding the manner in which the CISOs’ role and the companies’ investment in their skills should change in view of these developments. Therefore, the aim of this study is to investigate the relationship between the CISOs’ level of cyber security-related preparation to mitigate cyber threats (and specifically, the companies’ attitudes toward investing in such preparation) and the recent evolution of cyber threats. Methods: The study data are based on the following public resources: (1) recent scientific literature; (2) cyber threat-related opinion news articles; and (3) OWASP’s reported list of vulnerabilities. Data analysis was performed using various text mining methods and tools. Results: The study’s findings show that although the implementation of cyber defense tools has gained more serious attention in recent years, CISOs still lack sufficient support from management and sufficient knowledge and skills to mitigate current and new cyber threats. Conclusions: The research outcomes may allow practitioners to examine whether the companies’ level of cyber security controls matches the CISOs’ skills, and whether a comprehensive security education program is required. The present article discusses these findings and their implications. Full article