Business Process Outsourcing 14 Cybersecurity KPIs Towards a Strategic Information Security

In today’s rapidly evolving digital landscape, the Business Process Outsourcing (BPO) industry faces an ever-increasing threat of cyber-attacks and data breaches, underscoring the critical importance of robust information security practices. To address these challenges, organizations must develop effective strategic information security, supported by reliable performance measurement tools such as Key Performance Indicators (KPIs). This research aims to investigate the information security implemented by BPO companies and their utilization of the 14 cybersecurity KPIs to track and enhance their information security measures. A mixed-methods strategy is used in the study, integrating qualitative and quantitative techniques. The qualitative component involves thematic analysis of key informant interviews, while the quantitative component entails the analysis of Likert-scale questionnaires and numerical data. The findings of this research provide valuable insights into the significance of strategic information security in achieving effective information security management within the BPO industry. The study reveals the specific elements incorporated in these plans, such as risk assessment methodologies, security controls implementation, employee training, incident response strategies, and compliance measures. The implications of this study offer valuable insights for BPO organizations to develop robust strategic information security tailored to their specific context, ensuring effective alignment with organizational objectives and risk management strategies. Moreover, the research contributes to the existing literature on information security management frameworks, emphasizing the role of cybersecurity KPIs in evaluating security performance. Keywords: cybersecurity, information security, KPI, business process outsourcing industry, information security management