Felicitas Hoppe, Nadine Gatzert and Petra Gruner
Abstract
Purpose
This article aims to gain insights on the current state of small- and medium-sized enterprises’ (SMEs’) cyber risk management process and to derive future research directions.
Design/methodology/approach
This is done by collecting market insights from 37 recent industry surveys and structuring them based on the steps of the risk management process. From this analysis, major challenges are derived and future fields of research identified.
Findings
The results indicate that deficiencies in risk culture as well as the strained market for IT experts are the major obstacles with respect to the implementation of cyber risk management in SMEs, and that these challenges are similar across countries. The findings suggest that especially the relationship between cyber security culture and cyber risk management should be investigated further, and that a stronger link between the research streams on enterprise risk management and cyber risk management would be desirable.
Originality/value
This paper contributes to the literature by providing a systematic overview on the current state of SMEs' cyber risk management from a market perspective. The findings provide support for the existing academic literature by emphasizing the central role of cyber security culture (perception, knowledge, attitude) for a successful cyber risk management, which however should be addressed in more depth in future (empirical) research.
Alexandre Duarte and Patrícia Dias
Abstract
Following Howard Bowen's legacy for responsible business practices, together with the actual growing pressure of societal problems, such as climate change, social inequality, geopolitical instability, etc., business leaders all around the world are being asked, if not demanded, to show and act as action persons who effectively contribute to a better common value creation. This confluence of situations has led to many CEOs feeling pressured to take a stand in sociopolitical themes, many times outside their businesses' areas, which have become known as CEO activism.
This study aimed to explore if and how this international growing trend is manifesting in the Portuguese context, by exploring the perspective of Portuguese CEOs on the topic, the course of action that they are taking, and how they evaluate risks and opportunities.
For these purposes, we implemented a qualitative methodology based on interviews with 24 Portuguese CEOs and used thematic analysis to explore them. Our findings reveal that, although Portuguese CEOs are aware of this trend, they acknowledge both risks and opportunities, and their activism is still incipient. Plus, they strongly believe that CEO activism must be aligned with the values and mission of the organization they represent. Finally, Portuguese CEOs are convinced of activism being genuine, and therefore should be first implemented within the organization, which is where most of them focus their action. Our work provides an original mapping of the CEO activism landscape in Portugal and an insightful discussion of the CEO's perspective on this growing phenomenon.