Accounting and Cybersecurity Risk Management

Eaton, Tim V.; Grenier, Jonathan H.; Layman, David M.

doi:10.2308/ciia-52419

Cited by 25 publications

(10 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Of particular interest in this study are the approaches used to communicate with customers following cybersecurity incidents. Although organizations may need to communicate (e.g., risk disclosures) with other stakeholders such as regulators or investors based on formalized guidelines [21][22][23], our interest in customer notifications is motivated by the flexibility that many organizations have in how much or how little to disclose following an incident. In cases where private customer information is compromised, organizations may be required to meet at least a minimum standard of notification procedures, but these guidelines vary depending on the location of the incident [24].…”

Section: Conceptual Backgroundmentioning

confidence: 99%

Show-and-Tell or Hide-and-Seek? Examining Organizational Cybersecurity Incident Notifications

Cram¹,

Mouajou-Kenfack²

2022

Proceedings of the Annual Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

The growing frequency of cybersecurity incidents commonly requires organizations to notify customers of ongoing events. However, the content contained within these notifications varies widely, including differences in the level of detail, apportioning of blame, compensation, and corrective action. This study seeks to identify patterns contained within cybersecurity incident notifications by constructing a typology of organizational responses. Based on a detailed review of 465 global cybersecurity incidents that occurred during the first half of 2020, we obtained and qualitatively analyzed 187 customer notifications. Our results reveal three distinct organizational response types associated with the level of detail contained within the notification (full transparency, guarded, opacity), as well as three additional response types associated with the benefitting party (customer interest, balanced interest, company interest). This work extends past classifications of cybersecurity incident notifications and provides a template of possible notification approaches that could be adopted by organizations.

show abstract

Section: Conceptual Backgroundmentioning

confidence: 99%

Show-and-Tell or Hide-and-Seek? Examining Organizational Cybersecurity Incident Notifications

Cram¹,

Mouajou-Kenfack²

2022

Proceedings of the Annual Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

show abstract

“…Although organizations may need to communicate (e.g. risk disclosures) with other stakeholders such as regulators or investors based on formalized guidelines (Eaton et al ., 2019; Walton et al ., 2021; Wang et al ., 2013), our interest in customer notifications is motivated by the flexibility that many organizations have in how much or how little to disclose following an incident. In cases where private customer information is compromised, organizations may be required to meet at least a minimum standard of notification procedures, but these guidelines vary depending on the location of the incident (Buckbee, 2020).…”

Section: Conceptual Backgroundmentioning

confidence: 99%

Show-and-tell or hide-and-seek? Examining organizational cybersecurity incident notifications

Cram

Mouajou-Kenfack

2022

OCJ

View full text Add to dashboard Cite

PurposeThe growing frequency of cybersecurity incidents commonly requires organizations to notify customers of ongoing events. However, the content contained within these notifications varies widely, including differences in the level of detail, apportioning of blame, compensation and corrective action. This study seeks to identify patterns contained within cybersecurity incident notifications by constructing a typology of organizational responses.Design/methodology/approachBased on a detailed review of 1,073 global cybersecurity incidents occurring during 2020, the authors obtained and qualitatively analyzed 451 customer notifications.FindingsThe results reveal three distinct organizational response types associated with the level of detail contained within the notification (full transparency, guarded and opacity), as well as three response types associated with the benefitting party (customer interest, balanced interest and company interest).Originality/valueThis work extends past classifications of cybersecurity incident notifications and provides a template of possible notification approaches that could be adopted by organizations.

show abstract

“…These IT risks have to be considered seriously by SMEs before the adoption of E-accounting. Several cases have affected AIS because of the risk of cybersecurity that affects positively on electronic auditing or auditing (Thabit, 2019; Bons on and Bedn arov a, 2019; Petratos and Faccia, 2019;Eaton et al, 2019;Hashim et al, 2019). Hence, it is hypothesized that: H2.…”

Section: It Risk and E-accounting Practicementioning

confidence: 99%

Information technology and E-accounting: some determinants among SMEs

Thottoli

Ahmed

2021

JMB

View full text Add to dashboard Cite

Purpose Based on the importance of E-accounting, the purpose of this study is to investigate the determinants influencing information technology and E-accounting among small and medium-sized enterprises (SMEs). Design/methodology/approach A survey method was used to select the sample among SMEs in Oman. Using descriptive statistics, the impact of the determinants on E-accounting practices in SMEs in Oman were tested. Findings The findings reveal that except information technology (IT) cost, all other possible determinants (IT risk, employee IT skills and employee theoretical knowledge) has a significant influence on E-accounting practice among SMEs. Research limitations/implications The link between variables of this study was not analyzed in Oman. Moreover, this study only concentrated on the impact of the fourth determinants, while in reality, there must be other determinants that should also be investigated by other researchers. Practical implications This study has added to the literature by examining the E-accounting practices while evaluating the effect of IT determinants on the relationship. Besides, this might add benefits to many SMEs relating to their current accounting practice that might lead to adopting E-accounting practice to ensure application of applicable accounting standards to show fair financial statements to its stakeholders. Originality/value This current study is one of the first works in the context of Oman. It has added a new discussion to the body of knowledge in light of the IT determinants and their relationship with E-accounting practices; hence, an approach that is not widely discussed in the literature. Furthermore, conducting such research in the field of accounting provides new insight into the literature among both emerging and developed economies including Oman.

show abstract

Accounting and Cybersecurity Risk Management

Cited by 25 publications

References 5 publications

Show-and-Tell or Hide-and-Seek? Examining Organizational Cybersecurity Incident Notifications

Show-and-Tell or Hide-and-Seek? Examining Organizational Cybersecurity Incident Notifications

Show-and-tell or hide-and-seek? Examining organizational cybersecurity incident notifications

Information technology and E-accounting: some determinants among SMEs

Contact Info

Product

Resources

About