中小企业的网络风险管理：来自行业调查的见解

IF 5.7 Q1 BUSINESS, FINANCE

Journal of Risk Finance Pub Date : 2021-07-19 DOI:10.1108/JRF-02-2020-0024

F. Hoppe, Nadine Gatzert, Petra Gruner

{"title":"中小企业的网络风险管理：来自行业调查的见解","authors":"F. Hoppe, Nadine Gatzert, Petra Gruner","doi":"10.1108/JRF-02-2020-0024","DOIUrl":null,"url":null,"abstract":"PurposeThis article aims to gain insights on the current state of small- and medium-sized enterprises’ (SMEs’) cyber risk management process and to derive future research directions.Design/methodology/approachThis is done by collecting market insights from 37 recent industry surveys and structuring them based on the steps of the risk management process. From this analysis, major challenges are derived and future fields of research identified.FindingsThe results indicate that deficiencies in risk culture as well as the strained market for IT experts are the major obstacles with respect to the implementation of cyber risk management in SMEs, and that these challenges are similar across countries. The findings suggest that especially the relationship between cyber security culture and cyber risk management should be investigated further, and that a stronger link between the research streams on enterprise risk management and cyber risk management would be desirable.Originality/valueThis paper contributes to the literature by providing a systematic overview on the current state of SMEs' cyber risk management from a market perspective. The findings provide support for the existing academic literature by emphasizing the central role of cyber security culture (perception, knowledge, attitude) for a successful cyber risk management, which however should be addressed in more depth in future (empirical) research.","PeriodicalId":46579,"journal":{"name":"Journal of Risk Finance","volume":" ","pages":""},"PeriodicalIF":5.7000,"publicationDate":"2021-07-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":"{\"title\":\"Cyber risk management in SMEs: insights from industry surveys\",\"authors\":\"F. Hoppe, Nadine Gatzert, Petra Gruner\",\"doi\":\"10.1108/JRF-02-2020-0024\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"PurposeThis article aims to gain insights on the current state of small- and medium-sized enterprises’ (SMEs’) cyber risk management process and to derive future research directions.Design/methodology/approachThis is done by collecting market insights from 37 recent industry surveys and structuring them based on the steps of the risk management process. From this analysis, major challenges are derived and future fields of research identified.FindingsThe results indicate that deficiencies in risk culture as well as the strained market for IT experts are the major obstacles with respect to the implementation of cyber risk management in SMEs, and that these challenges are similar across countries. The findings suggest that especially the relationship between cyber security culture and cyber risk management should be investigated further, and that a stronger link between the research streams on enterprise risk management and cyber risk management would be desirable.Originality/valueThis paper contributes to the literature by providing a systematic overview on the current state of SMEs' cyber risk management from a market perspective. The findings provide support for the existing academic literature by emphasizing the central role of cyber security culture (perception, knowledge, attitude) for a successful cyber risk management, which however should be addressed in more depth in future (empirical) research.\",\"PeriodicalId\":46579,\"journal\":{\"name\":\"Journal of Risk Finance\",\"volume\":\" \",\"pages\":\"\"},\"PeriodicalIF\":5.7000,\"publicationDate\":\"2021-07-19\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"9\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Risk Finance\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1108/JRF-02-2020-0024\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"BUSINESS, FINANCE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Risk Finance","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1108/JRF-02-2020-0024","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"BUSINESS, FINANCE","Score":null,"Total":0}

引用次数: 9

摘要

目的本文旨在了解中小企业网络风险管理过程的现状，并得出未来的研究方向。设计/方法论/方法这是通过从最近的37项行业调查中收集市场见解，并根据风险管理流程的步骤对其进行结构化来完成的。从这一分析中，得出了主要的挑战，并确定了未来的研究领域。结果表明，风险文化的不足以及IT专家市场的紧张是中小企业实施网络风险管理的主要障碍，这些挑战在各国都是相似的。研究结果表明，尤其是网络安全文化与网络风险管理之间的关系应该进一步研究，企业风险管理和网络风险管理的研究流之间应该有更紧密的联系。原创性/价值本文从市场角度对中小企业网络风险管理的现状进行了系统综述，为文献做出了贡献。研究结果通过强调网络安全文化（感知、知识、态度）对成功的网络风险管理的核心作用，为现有学术文献提供了支持，但在未来的（实证）研究中应更深入地解决这一问题。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Cyber risk management in SMEs: insights from industry surveys

PurposeThis article aims to gain insights on the current state of small- and medium-sized enterprises’ (SMEs’) cyber risk management process and to derive future research directions.Design/methodology/approachThis is done by collecting market insights from 37 recent industry surveys and structuring them based on the steps of the risk management process. From this analysis, major challenges are derived and future fields of research identified.FindingsThe results indicate that deficiencies in risk culture as well as the strained market for IT experts are the major obstacles with respect to the implementation of cyber risk management in SMEs, and that these challenges are similar across countries. The findings suggest that especially the relationship between cyber security culture and cyber risk management should be investigated further, and that a stronger link between the research streams on enterprise risk management and cyber risk management would be desirable.Originality/valueThis paper contributes to the literature by providing a systematic overview on the current state of SMEs' cyber risk management from a market perspective. The findings provide support for the existing academic literature by emphasizing the central role of cyber security culture (perception, knowledge, attitude) for a successful cyber risk management, which however should be addressed in more depth in future (empirical) research.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Journal of Risk Finance BUSINESS, FINANCE-

CiteScore

6.20

自引率

6.70%

发文量

期刊介绍： The Journal of Risk Finance provides a rigorous forum for the publication of high quality peer-reviewed theoretical and empirical research articles, by both academic and industry experts, related to financial risks and risk management. Articles, including review articles, empirical and conceptual, which display thoughtful, accurate research and be rigorous in all regards, are most welcome on the following topics: -Securitization; derivatives and structured financial products -Financial risk management -Regulation of risk management -Risk and corporate governance -Liability management -Systemic risk -Cryptocurrency and risk management -Credit arbitrage methods -Corporate social responsibility and risk management -Enterprise risk management -FinTech and risk -Insurtech -Regtech -Blockchain and risk -Climate change and risk