Search results
1 – 10 of over 3000Sasha Romanosky and Elizabeth L. Petrun Sayers
The purpose of this study is to examine how companies integrate cyber risk into their enterprise risk management practices. Data breaches have become commonplace, with thousands…
Abstract
Purpose
The purpose of this study is to examine how companies integrate cyber risk into their enterprise risk management practices. Data breaches have become commonplace, with thousands occurring each year, and some costing hundreds of millions of dollars. Consequently, cyber risk has become one of the gravest risks facing organizations, and has attracted boardroom-level attention. On the other hand, companies already manage many kinds of difficult and growing risks, and that firms lose less than 1% of annual revenues as a result of cyber incidents. Therefore, how should firms appropriately address cyber risk? Is it indeed a materially different kind of risk area, or is it simply just one more risk that can seamlessly be integrated into existing enterprise risk management (ERM) practices?
Design/methodology/approach
The authors performed thematic analysis based on semi-structured interviews, with non-probabilistic, purposive sampling, to answer two main questions. First, how do firms manage enterprise risks, generally? And second, how are they integrating cyber risk into these existing processes?
Findings
The authors find that there is considerable variation in the approach and sophistication in ERM practices, such as whether they are driven more like an auditing function, or as a risk champion. The authors also find that despite the novelty of cyber risk, it can be integrated like other enterprise risks, and that cyber risk is most often seen as an operational risk (similar to workplace accidents or fraud), rather than a strategic risk, emerging from, for example, technology innovation and R&D.
Research limitations/implications
The generalization of the results is limited by the sample size and variation of firms interviewed. While the authors attempted to interview enterprise risk managers across a wide variation of firms, there were clear limitations in the scope. That being said, the authors were fortunate to be able to examine ERM and cyber risk practices across small and large, private and publicly traded companies, from a variety of business sectors.
Practical implications
The authors believe these finding are important because they present evidence that while cyber risk may be new, it does not require specialized handling or processes to track it at the enterprise level. While some firms may choose to provide special accommodations or attention because of their data collection or business practices, this approach is neither necessary nor required of all firms in all situations.
Originality/value
This research is one of the only papers that, to the best of the authors’ knowledge, examines how cyber risk is integrated at an enterprise level.
Details
Keywords
Rahel Aschwanden, Claude Messner, Bettina Höchli and Geraldine Holenweger
Cyberattacks have become a major threat to small and medium-sized enterprises. Their prevention efforts often prioritize technical solutions over human factors, despite humans…
Abstract
Purpose
Cyberattacks have become a major threat to small and medium-sized enterprises. Their prevention efforts often prioritize technical solutions over human factors, despite humans posing the greatest risk. This article highlights the importance of developing tailored behavioral interventions. Through qualitative interviews, we identified three persona types with different psychological biases that increase the risk of cyberattacks. These psychological biases are a basis for creating behavioral interventions to strengthen the human factor and, thus, prevent cyberattacks.
Design/methodology/approach
We conducted structured, in-depth interviews with 44 employees, decision makers and IT service providers from small and medium-sized Swiss enterprises to understand insecure cyber behavior.
Findings
A thematic analysis revealed that, while knowledge about cyber risks is available, no one assumes responsibility for employees’ and decision makers’ behavior. The interview results suggest three personas for employees and decision makers: experts, deportees and repressors. We have derived corresponding biases from these three persona types that help explain the interviewees’ insecure cyber behavior.
Research limitations/implications
This study provides evidence that employees differ in their cognitive biases. This implies that tailored interventions are more effective than one-size-fits7-all interventions. It is inherent in the idea of tailored interventions that they depend on multiple factors, such as cultural, organizational or individual factors. However, even if the segments change somewhat, it is still very likely that there are subgroups of employees that differ in terms of their misleading cognitive biases and risk behavior.
Practical implications
This article discusses behavior directed recommendations for tailored interventions in small and medium-sized enterprises to minimize cyber risks.
Originality/value
The contribution of this study is that it is the first to use personas and cognitive biases to understand insecure cyber behavior, and to explain why small and medium-sized enterprises do not implement behavior-based cybersecurity best practices. The personas and biases provide starting points for future research and interventions in practice.
Details
Keywords
Chao Lu and Xiaohai Xin
The promotion of autonomous vehicles introduces privacy and security risks, underscoring the pressing need for responsible innovation implementation. To more effectively address…
Abstract
Purpose
The promotion of autonomous vehicles introduces privacy and security risks, underscoring the pressing need for responsible innovation implementation. To more effectively address the societal risks posed by autonomous vehicles, considering collaborative engagement of key stakeholders is essential. This study aims to provide insights into the governance of potential privacy and security issues in the innovation of autonomous driving technology by analyzing the micro-level decision-making processes of various stakeholders.
Design/methodology/approach
For this study, the authors use a nuanced approach, integrating key stakeholder theory, perceived value theory and prospect theory. The study constructs a model based on evolutionary game for the privacy and security governance mechanism of autonomous vehicles, involving enterprises, governments and consumers.
Findings
The governance of privacy and security in autonomous driving technology is influenced by key stakeholders’ decision-making behaviors and pivotal factors such as perceived value factors. The study finds that the governmental is influenced to a lesser extent by the decisions of other stakeholders, and factors such as risk preference coefficient, which contribute to perceived value, have a more significant influence than appearance factors like participation costs.
Research limitations/implications
This study lacks an investigation into the risk sensitivity of various stakeholders in different scenarios.
Originality/value
The study delineates the roles and behaviors of key stakeholders and contributes valuable insights toward addressing pertinent risk concerns within the governance of autonomous vehicles. Through the study, the practical application of Responsible Innovation theory has been enriched, addressing the shortcomings in the analysis of micro-level processes within the framework of evolutionary game.
Details
Keywords
Abdullah Al Mamun and Syed Ali Fazal
This study aims to examine the effect of creativity and innovativeness, risk taking propensity, proactiveness and autonomy on entrepreneurial competency and performance among…
Abstract
Purpose
This study aims to examine the effect of creativity and innovativeness, risk taking propensity, proactiveness and autonomy on entrepreneurial competency and performance among micro-enterprises in Kelantan, Malaysia.
Design/methodology/approach
Adopting a cross-sectional design, the authors collected data from 403 micro-entrepreneurs who were registered under “Majlis Amanah Rakyat” and “Majlis Agama Islam dan Adat Istiadat”. Quantitative data were collected through structured interviews from September 2017 to December 2017.
Findings
The findings revealed that creativity and innovativeness, proactiveness and autonomy had a positive influence on entrepreneurial competencies. In addition, autonomy and entrepreneurial competencies had a positive effect on micro-enterprise performance. Then, entrepreneurial competencies showed a mediating effect on the relationships between creativity, innovativeness, autonomy and micro-enterprise performance.
Originality/value
The findings contributed to resource-based view and enriched the entrepreneurship literature, particularly in the context of small businesses in emerging economies. This study recommended underlying organizations to pay attention to the improvement of creativity and innovativeness, proactiveness, autonomy and entrepreneurial competencies among low-income entrepreneurs through useful policies and training programs, which were expected to improve micro-enterprise performance and encourage poor households to perform entrepreneurial activities for better socio-economic conditions.
Details
Keywords
Peng Xie, Qiang Chen, Ping Qu, Jianping Fan and Zhijun Tang
This paper aims to systematically expound the theory and development background of supply chain finance and blockchain, design a railway freight supply chain financial platform…
Abstract
Purpose
This paper aims to systematically expound the theory and development background of supply chain finance and blockchain, design a railway freight supply chain financial platform based on blockchain, determine the risk management system and business support system of supply chain finance business and analyze the value generated by the combination of supply chain finance business and blockchain.
Design/methodology/approach
Investigation and research method; Prototype method; Model method; Value analysis.
Findings
The business model integrating supply chain finance and blockchain technology will bring great changes to freight industry. The development of supply chain finance is beneficial to the healthy development of the core participants of railway freight transport business and its upstream and downstream ecosystems. It links commerce, logistics, warehousing and financial services together and builds an industry-integrated ecological service platform through information technology platform and supporting system, taking data as the basis and combining information technology such as blockchain as innovative means.
Originality/value
This paper will provide important reference value for related research. This paper innovatively designs the supply chain financial platform of freight transportation industry-integrating blockchain technology and analyzes its business model, technical system, risk management and control system and value system in detail, which will provide technical support for the innovative reform of freight information technology and realize the stable and high-speed development of freight logistics informationization.
Details
Keywords
Luca Ferri, Rosanna Spanò, Marco Maffei and Clelia Fiondella
This paper aims to investigate the factors influencing chief executive officers’ (CEOs') intentions to implement cloud technology in Italian small and medium-sized enterprises…
Abstract
Purpose
This paper aims to investigate the factors influencing chief executive officers’ (CEOs') intentions to implement cloud technology in Italian small and medium-sized enterprises (SMEs).
Design/methodology/approach
The study proposes a model that integrates the theoretical construct of the technology acceptance model (TAM) with a classification of perceived benefits and risks related to cloud computing. The study employs a structural equation modeling approach to analyze data gathered through a Likert scale-based survey.
Findings
The findings indicate that risk perception has a strong negative effect on the intention to introduce cloud technology in firms. This effect is partially offset by the perceived ease of use of the technology.
Originality/value
The study provides a new theoretical framework that integrates the TAM and a classification of perceived risks to provide a clear view of management's cognitive processes during technological change. Moreover, the results show the main factors influencing decisions regarding the implementation of cloud computing in firms in light of the perception of risks. Finally, this study provides interesting findings for cloud service providers (CSPs) about their customers' decision-making processes.
Details
Keywords
Priscila Ferreira de Araújo Lima, Sara Marcelino-Sadaba and Chiara Verbano
Despite the emergence and strategic importance of project risk management (PRM), its diffusion is limited mainly to large companies, leaving a lack of empirical evidence…
Abstract
Purpose
Despite the emergence and strategic importance of project risk management (PRM), its diffusion is limited mainly to large companies, leaving a lack of empirical evidence addressing SMEs. Given the socio-economic importance of SMEs and their need to manage risks to ensure the success of their strategic and innovative projects, this research aims to investigate how to adopt PRM in SMEs with a positive cost–benefit ratio.
Design/methodology/approach
This study presents an exploratory and explanatory research conducted through multiple-case studies involving 10 projects performed in Spanish and Italian small and medium-sized enterprises (SMEs).
Findings
The results obtained highlight how project features (commitment type, innovativeness, strategic relevance and managerial complexity) and firms' characteristics (sector of activity, production system and access to public incentives) influence PRM adoption, leading to different levels and types of benefits.
Originality/value
The paper offers practical indications about PRM phases, activities, tools and organizational aspects to be considered in different contexts to ensure the project's success and, ultimately, the company's growth and sustainability. Such indications could not be found in the literature.
Details
Keywords
The purpose of this study is to extend theoretical understanding on social enterprises’ growth orientation. Inspiration is drawn from the fundamentals of prospect theory and…
Abstract
Purpose
The purpose of this study is to extend theoretical understanding on social enterprises’ growth orientation. Inspiration is drawn from the fundamentals of prospect theory and threat-rigidity theory, as the role of external threats as a source of growth orientation is largely absent from the social enterprise growth literature. According to previous studies, social enterprises grow mainly because of their social mission and social opportunities.
Design/methodology/approach
The qualitative research is conducted by analysing thematic interviews from seven, growth-oriented social enterprises operating in Finland.
Findings
The study provides novel insights on social enterprises’ growth orientation by drawing attention to the plurality of growth motivations and showing the importance of perceived threats as the origin of their growth pursuits. Goals of growth are defined mainly in terms of organisational and financial performance of the firm.
Practical implications
Social enterprise managers and boards are encouraged to cooperate in analysing the significance of external threats and opportunities for their business and to concentrate on defining measurable social goals to ensure balanced growth.
Originality/value
The study demonstrates that the behavioural theories offer a beneficial departure point for studying social venture growth. By clarifying the role of the perceptions of the firm’s internal actors and showing that growth is sometimes seen as a response to external threats, the study increases theoretical understanding on social enterprises’ growth orientation.
Details
Keywords
Anna Wójcik-Karpacz, Sascha Kraus and Jarosław Karpacz
This article investigates (in)direct relationships between team-level entrepreneurial orientation and team performance, where team entrepreneurial orientation (EO) is measured as…
Abstract
Purpose
This article investigates (in)direct relationships between team-level entrepreneurial orientation and team performance, where team entrepreneurial orientation (EO) is measured as a team-level construct, not as concentration of team members' scores. In this article, the authors present and explore how EO-oriented behaviour within a team affect its performance, taking into account the team's trust in a manager and commitment to team and company goals.
Design/methodology/approach
This article focuses on a quantitative analysis of 55 teams operating within a large high-tech manufacturing enterprise, gathered through a traditional survey. The conceptual framework for this research was based on the theories of organisational citizenship, extra-role behaviour and social exchange. The authors explain how contextual factors establish a framework which enables team EO transformation towards higher performance of teams.
Findings
The results show that (team) performance benefits from EO-related behaviours. However, individual dimensions of EO are not universally beneficial and need to be combined with a mutual trust and/or commitment to team enterprise's goals to achieve high performance.
Originality/value
The findings provide important insight into which team factors may be targeted at the intervention or support of team members, including managers and immediate superiors who lack an active personality and are not willing to take risks at workplace. The authors adopted EO instruments, mutual trust and commitment from an individual scale to a team one, and also offer new opportunities to analyse such phenomena from a new level and evaluate them from the perspective of team managers.
Details
Keywords
Gundula Glowka, Robert Eller, Mike Peters and Anita Zehrer
The vulnerability of the tourism industry to an array of risks, encompassing family-related, small- and medium-sized enterprise-specific, strategic, tourism-specific and external…
Abstract
Purpose
The vulnerability of the tourism industry to an array of risks, encompassing family-related, small- and medium-sized enterprise-specific, strategic, tourism-specific and external factors, highlights the landscape within which small and medium family enterprises (SMFEs) operate. Although SMFEs are an important stakeholder in the dynamic tourism sector, they are not one homogenous group of firms, but have different strategic orientations. This study aims to investigate the interplay between strategic orientation and risk perception to better understand SMFEs risk perception as it is impacting their decision-making processes, resilience and long-term survival. The authors investigate how different strategic orientations contribute to different perspectives on risk among owner-managers.
Design/methodology/approach
Based on a qualitative data corpus of 119 face-to-face interviews, the authors apply various coding rounds to better understand the relationship between strategic orientations and the perceptions of risks. Firstly, the authors analysed the owner–manager interviews and identified three groups of different strategic orientations: proactive and sustainability-oriented SMFE, destination-affirmative and resilience-oriented SMFE and passive SMFE. Secondly, the authors coded the interviews for different risks identified. The authors identified that the three groups show differences in the risk perceptions.
Findings
The data unveil that the three groups of SMFEs have several differences in how they perceive risks. Proactive and sustainability-oriented SMFEs prioritize business risks, demonstrating a penchant for innovation and sustainability. Destination-affirmative and resilience-oriented SMFEs perceive a broader range of risks, tying their investments to destination development, emphasizing family and health risks and navigating competitive pressures. Passive SMFEs, primarily concerned with external risks, exhibit limited awareness of internal and strategic risks, resist change and often defer decision-making to successors. The findings underscore how different strategic orientations influence risk perceptions and decision-making processes within SMFEs in the tourism industry.
Research limitations/implications
The authors contribute to existing knowledge include offering a comprehensive status quo of perceived risks for different strategic orientations, a notably underexplored area. In addition, the differences with respect to risk perception shown in the paper suggest that simplified models ignoring risk perception may be insufficient for policy recommendations and for understanding the dynamics of the tourism sector. For future research, the authors propose to focus on exploring the possible directions in which strategic orientation and risk perception influence one another, which might be a limitation of this study due to its qualitative nature.
Practical implications
Varying strategic orientations and risk perceptions highlight the diversity within the stakeholder group of SMFE. Recognizing differences allows for more targeted interventions that address the unique concerns and opportunities of each group and can thus improve the firm’s resilience (Memili et al., 2023) and therefore leading to sustainability destinations development. The authors suggest practical support for destination management organizations and regional policymakers, aimed especially at enhancing the risk management of passive SMFEs. Proactive SMFE could be encouraged to perceive more family risks.
Social implications
Viewing tourism destinations as a complex stakeholder network, unveiling distinct risk landscapes for various strategic orientations of one stakeholder has the potential to benefit the overall destination development. The proactive and sustainability-oriented SMFEs are highly pertinent as they might lead destinations to further development and create competitive advantage through innovative business models. Passive SMFEs might hinder the further development of the destination, e.g. through missing innovation efforts or succession.
Originality/value
Although different studies explore business risks (Forgacs and Dimanche, 2016), risks from climate change (Demiroglu et al., 2019), natural disasters (Zhang et al., 2023) or shocks such as COVID-19 (Teeroovengadum et al., 2021), this study shows that it does not imply that SMFE as active stakeholder perceive such risk. Rather, different strategic orientations are in relation to perceiving risks differently. The authors therefore open up an interesting new field for further studies, as risk perception influences the decision-making of tourism actors, and therefore resilience.
Details