top of page
Writer's pictureObi Ogbanufe, PhD

Informing cybersecurity strategic commitment through top management

Updated: Feb 20, 2023

Cyberinsurance, top executives, cyber-risk, risk management, cybersecurity strategy, breaches

Published: Information & Management https://doi.org/10.1016/j.im.2021.103507

Authors: Obi Ogbanufe, Dan J. Kim, Mary Jones


Committing to a cybersecurity strategy for organizational leaders comes down to a few factors.

Job security is a core factor affecting whether and how executives are committed to cybersecurity strategy with cyberinsurance.

This is a research paper on cyberinsurance as a strategic risk management decision. We examined the top executives’ role in making that decision. #cyberinsurance #cyberrisks https://www.sciencedirect.com/science/article/abs/pii/S0378720621000811


Our results found that institutional pressures affect top executives’ perceptions of job security, financial risk, and regulatory oversight. Our results suggest that:

  1. Job security is more strongly linked to top executive’s commitment to a risk management strategy than situational and organizational influences

  2. Using cyberinsurance as a risk management strategy is fueled by factors such as appeasing investors and regulatory oversight

Abstract

Given the financial consequences of security breaches, security risk management has gained some attention in board rooms and garnered more involvement from top management. We undertook a research study to understand executives’ role in cybersecurity strategy, specifically with cyberinsurance. We explored how top executives’ values and perceptions affect their commitment to using cyberinsurance as a risk management strategy. We also wanted to understand the impact of institutional pressures on executives’ values


We empirically tested and confirmed our hypotheses using data collected from executive-level managers of various firms. We also performed some interviews with top-level executives. Our results found that institutional pressures affect top managers’ perceptions of job security, breach risk, financial risk, transaction cost, and regulatory oversight. In turn, we found that these factors influence their commitment to cyberinsurance. Of note, we found that values that have personal relevance have a more substantial impact on their strategic decisions.


The findings emphasize the critical role that top management plays in mediating the influence of institutional pressures on cybersecurity strategy.


Here's the study.







24 views0 comments

Comments


bottom of page