Does digitalisation increase cyber incidents? – Empirical evidence from non-technology firms in the USA
URL
Journal Title
Journal ISSN
Volume Title
School of Business |
Master's thesis
Unless otherwise stated, all rights belong to the author. You may download, display and print this publication for Your own personal use. Commercial use is prohibited.
Authors
Date
2024
Department
Major/Subject
Mcode
Degree programme
Accounting
Language
en
Pages
88 + 8
Series
Abstract
There has been plenty of research about the effect of digitalisation in accounting literature during the last decade. The research has primarily concentrated on organisational, professional, and educational impacts on accountants, the digital economy, and the effects of digitalisation on corporate reporting and supporting accounting information systems. On the other hand, in cybersecurity, the research has concentrated on audit quality and audit fees, internal audits, financial consequences, and organisation’s cybersecurity disclosures, to name a few. To the best of my knowledge, no previous research exists on whether the level of digitalisation is associated with the risk of a firm experiencing cyber incidents. This thesis studies the effects of digitalisation on cyber incidents in non-technology firms in the USA. It aims to answer whether the increased level of digitalisation results in an increased information security gap as an increased risk of cyber incidents or if it results in the opposite in the form of increased cyber resilience brought upon by digitalisation, i.e., lower risk of cyber incidents. The aspects studied in this thesis include the impact of firms’ level of digitalisation and other firm characteristics such as size, profitability, financial healthiness, and auditor in experiencing a cyber incident. The results of this thesis confirm that the risk of cyber incidents is positively and significantly associated with the level of digitalisation. This result is in line with the expectation. As no prior research exists on the impact of digitalisation on cyber risks, this result cannot be directly compared to the results of prior academic work. In addition to the level of digitalisation, this thesis finds firms’ number of employees and size to be positively associated with the risk of reporting cyber incidents. In contrast, financially healthier firms are negatively associated. In addition, a post-hoc analysis of the data is performed to study how firms’ reported cyber incidents are impacted by the existence of the Chief Information Officer, Chief Information Security Officer and Chief Risk Officer roles, which are used as a measure of firms’ preparedness for the cyber risks in this thesis. This study finds that the Chief Information Officer role in the firm correlates positively with the increased likelihood of reporting cyber incidents.Description
Thesis advisor
Sihvonen, JukkaKiran, Anila
Keywords
accounting, digitalisation, cyber, cybersecurity, non-technology firms, USA