Emerging IT Risks: Insights from German Banking

Ashby, Simon; Buck, Trevor; Nöth-Zahn, Stephanie; Peisl, Thomas

doi:10.1057/s41288-018-0081-8

Cited by 11 publications

(3 citation statements)

References 65 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…While most research has focused on the technical side of cybersecurity, expanding work on socioeconomic risk factors, process, and people would be beneficial. Ashby et al (2018) find that the typical ERM approach of estimating likelihood and consequence is not effective for emerging risks, such as cyber threats. They propose that ERM needs to deal with such risks by “reducing uncertainty through knowledge acquisition” from a diverse group of stakeholders with a wide array of expertise.…”

Section: Future Research: Gaps In Cyber Risk Researchmentioning

confidence: 99%

Cyber risk management: History and future research directions

McShane

Eling

Nguyen

2021

Risk Manage Insurance Review

View full text Add to dashboard Cite

Cybersecurity research started in the late 1960s and has continuously evolved under different names such as computer security and information security. This article briefly covers that history but will especially focus on the latest incarnation known as "cyber risk management," which includes both technical and economic/management dimensions. The main focus of the article is to review research on individual steps of the cyber risk management process and on the overall process to highlight gaps and determine research directions. Two main findings are that cyber risk is difficult to include in the overall enterprise risk management process and that a move toward cyber resilience is necessary to deal with such a complex risk. Both findings require a level of interdisciplinary collaboration that is currently lacking.

show abstract

Section: Future Research: Gaps In Cyber Risk Researchmentioning

confidence: 99%

Cyber risk management: History and future research directions

McShane

Eling

Nguyen

2021

Risk Manage Insurance Review

View full text Add to dashboard Cite

show abstract

“…perception, knowledge, attitude) on the quality of the management of emerging risks like, cyber risk (e.g. Pfleeger and Caputo, 2012;Ashby et al, 2018;de Smidt and Botzen, 2018;Nam, 2019) or reputation risk (Gatzert and Schmit, 2016). We suggest intensified (empirical) research on the relationship between cyber security culture and the maturity of cyber risk management, which would be of high relevance for both academics and practitioners like insurance companies, risk experts and governmental agencies who have an interest in improving the cyber security position of SMEs.…”

Section: Introductionmentioning

confidence: 96%

“…de Smidt and Botzen (2018) and Nam (2019) show the effects of trust and worry on cyber risk management decisions. Finally, Ashby et al (2018) note that risk management is frequently focused on quantifying known risks, while not strongly focusing on upcoming risks. Overall, the high complexity of the underlying decisions may lead to cognitive strain (i.e.…”

Section: Introductionmentioning

confidence: 99%

Cyber risk management in SMEs: insights from industry surveys

Hoppe

Gatzert

Gruner

2021

JRF

View full text Add to dashboard Cite

PurposeThis article aims to gain insights on the current state of small- and medium-sized enterprises’ (SMEs’) cyber risk management process and to derive future research directions.Design/methodology/approachThis is done by collecting market insights from 37 recent industry surveys and structuring them based on the steps of the risk management process. From this analysis, major challenges are derived and future fields of research identified.FindingsThe results indicate that deficiencies in risk culture as well as the strained market for IT experts are the major obstacles with respect to the implementation of cyber risk management in SMEs, and that these challenges are similar across countries. The findings suggest that especially the relationship between cyber security culture and cyber risk management should be investigated further, and that a stronger link between the research streams on enterprise risk management and cyber risk management would be desirable.Originality/valueThis paper contributes to the literature by providing a systematic overview on the current state of SMEs' cyber risk management from a market perspective. The findings provide support for the existing academic literature by emphasizing the central role of cyber security culture (perception, knowledge, attitude) for a successful cyber risk management, which however should be addressed in more depth in future (empirical) research.

show abstract