Just do it. Managing IT and cyber risks to create value

The purpose of this paper is to analyze when and how IT and cyber risks may impact the value creation of an organization. In fact, these may have critical impacts on organizational performance in many industries. However, as threats become more frequent and severe, investments in security initiatives tend to decrease. The paper aims at investigating the perceptions that exist regarding managing IT and cyber risk. In addition the paper proposes a framework for IT and cyber risk management, and determines whether effective risk management can enhance and protect value creation. We distributed a questionnaire grounded on the literature of the last five years to a sample of European organizations that are leaders in their industries and that operate both locally and globally. We elaborated the data through the fuzzy methodology. The findings reveal the need for an increasing awareness of what current risks are, which may provide valuable theoretical insights into and highlight managerial implications regarding how to protect value creation.