Cybersecurity and cyber risk in integrated and management reports of key service operators

Zeszyty Teoretyczne Rachunkowosci Pub Date : 2021-07-02 DOI:10.5604/01.3001.0014.9558

Aleksandra Ferens

{"title":"Cybersecurity and cyber risk in integrated and management reports of key service operators","authors":"Aleksandra Ferens","doi":"10.5604/01.3001.0014.9558","DOIUrl":null,"url":null,"abstract":"Purpose: The scope of interactive information processed and exchanged through cyberspace has grown exponentially. Therefore, there is a need to develop cybersecurity that protects this space against both internal and external threats, as well as to work out an appropriate reporting system on the cybersecurity model operating in the company. The aim of the paper is to identify and assess the disclosures on cybersecurity and cyber risk in the integrated and management reports of selected companies listed on the Warsaw Stock Exchange. Methodology: The study focused on the integrated and management reports of 17 selected companies identified as operators of so-called key services. The representative sample was chosen through purposive sampling. This process was preceded by a preliminary analysis of companies listed in the WIG 30 Index, drawing on the number of integrated reports prepared by the operators of key services. The research involved an analysis of the literature and legal regulations, as well as the structure and scope of information on cybersecurity reported by the surveyed companies, along with the deductive method. The results of the analysis showed that only some companies present information on existing cyber risks and cybersecurity, while information is scattered in different parts of the business reports and non-comparable due to the lack of a unified data structure. It was noted that the reports do not contain detailed information on the activities in the field of cybersecurity, which makes it impossible to perform a multifaceted and multisectoral assessment of the results reported by the entities. Originality: The paper builds on and thus complements the scientific achievements in the field of non-financial reporting, including the business model, by identifying the shortcomings related to reporting on how to protect companies against the risk related to cyber threats in the reports to date. The study also confirms the need to improve the content of business reports with quantitative and qualitative information in this regard\n\n","PeriodicalId":53342,"journal":{"name":"Zeszyty Teoretyczne Rachunkowosci","volume":"1 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2021-07-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Zeszyty Teoretyczne Rachunkowosci","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.5604/01.3001.0014.9558","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

Purpose: The scope of interactive information processed and exchanged through cyberspace has grown exponentially. Therefore, there is a need to develop cybersecurity that protects this space against both internal and external threats, as well as to work out an appropriate reporting system on the cybersecurity model operating in the company. The aim of the paper is to identify and assess the disclosures on cybersecurity and cyber risk in the integrated and management reports of selected companies listed on the Warsaw Stock Exchange. Methodology: The study focused on the integrated and management reports of 17 selected companies identified as operators of so-called key services. The representative sample was chosen through purposive sampling. This process was preceded by a preliminary analysis of companies listed in the WIG 30 Index, drawing on the number of integrated reports prepared by the operators of key services. The research involved an analysis of the literature and legal regulations, as well as the structure and scope of information on cybersecurity reported by the surveyed companies, along with the deductive method. The results of the analysis showed that only some companies present information on existing cyber risks and cybersecurity, while information is scattered in different parts of the business reports and non-comparable due to the lack of a unified data structure. It was noted that the reports do not contain detailed information on the activities in the field of cybersecurity, which makes it impossible to perform a multifaceted and multisectoral assessment of the results reported by the entities. Originality: The paper builds on and thus complements the scientific achievements in the field of non-financial reporting, including the business model, by identifying the shortcomings related to reporting on how to protect companies against the risk related to cyber threats in the reports to date. The study also confirms the need to improve the content of business reports with quantitative and qualitative information in this regard

查看原文本刊更多论文

关键服务运营商综合和管理报告中的网络安全和网络风险

目的：通过网络空间处理和交换的互动信息的范围呈指数级增长。因此，有必要开发网络安全，保护这一空间免受内部和外部威胁，并制定一个关于公司网络安全模式的适当报告系统。本文的目的是识别和评估在华沙证券交易所上市的选定公司的综合和管理报告中关于网络安全和网络风险的披露。方法：该研究侧重于17家选定的所谓关键服务运营商的综合和管理报告。代表性样本是通过有目的的抽样选出的。在此过程之前，根据关键服务运营商编制的综合报告数量，对WIG 30指数中列出的公司进行了初步分析。这项研究包括对文献和法律法规的分析，以及被调查公司报告的网络安全信息的结构和范围，以及演绎方法。分析结果显示，只有一些公司提供了有关现有网络风险和网络安全的信息，而由于缺乏统一的数据结构，这些信息分散在商业报告的不同部分，不具有可比性。有人指出，报告中没有关于网络安全领域活动的详细信息，因此无法对各实体报告的结果进行多方面和多部门的评估。独创性：该论文建立在非财务报告领域的科学成就的基础上，从而补充了包括商业模式在内的非财务报告的科学成就，在迄今为止的报告中发现了与如何保护公司免受网络威胁相关风险的报告相关的缺陷。这项研究还证实，有必要改进业务报告的内容，提供这方面的定量和定性信息

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Zeszyty Teoretyczne Rachunkowosci

CiteScore

0.40

自引率

0.00%

发文量

审稿时长

14 weeks