The purpose of this paper is to analyze when and how IT and cyber risks may impact the value creation of an organization. In fact, these may have critical impacts on organizational performance in many industries. However, as threats become more frequent and severe, investments in security initiatives tend to decrease. The paper aims at investigating the perceptions that exist regarding managing IT and cyber risk. In addition the paper proposes a framework for IT and cyber risk management, and determines whether effective risk management can enhance and protect value creation. We distributed a questionnaire grounded on the literature of the last five years to a sample of European organizations that are leaders in their industries and that operate both locally and globally. We elaborated the data through the fuzzy methodology. The findings reveal the need for an increasing awareness of what current risks are, which may provide valuable theoretical insights into and highlight managerial implications regarding how to protect value creation.

Just do it. Managing IT and cyber risks to create value

GAUDENZI, Barbara;SICILIANO, Giorgia Giusi
2017-01-01

Abstract

The purpose of this paper is to analyze when and how IT and cyber risks may impact the value creation of an organization. In fact, these may have critical impacts on organizational performance in many industries. However, as threats become more frequent and severe, investments in security initiatives tend to decrease. The paper aims at investigating the perceptions that exist regarding managing IT and cyber risk. In addition the paper proposes a framework for IT and cyber risk management, and determines whether effective risk management can enhance and protect value creation. We distributed a questionnaire grounded on the literature of the last five years to a sample of European organizations that are leaders in their industries and that operate both locally and globally. We elaborated the data through the fuzzy methodology. The findings reveal the need for an increasing awareness of what current risks are, which may provide valuable theoretical insights into and highlight managerial implications regarding how to protect value creation.
2017
978-84-608-3840-1
IT risk, cyber risk, risk management, value creation, fuzzy set method
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11562/959786
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus ND
  • ???jsp.display-item.citation.isi??? ND
social impact