Cyber Risk. The New Enemy for Risk Management in the Age of Globalisation

Journal title MANAGEMENT CONTROL
Author/s Chiara Crovini, Giovanni Ossola, Pier Luigi Marchini
Publishing Year 2018 Issue 2018/2 Suppl.
Language English Pages 21 P. 135-155 File size 248 KB
DOI 10.3280/MACO2018-SU2007
DOI is like a bar code for intellectual property: to have more infomation click here

Below, you can see the article first page

If you want to buy this article in PDF format, you can do it, following the instructions to buy download credits

Article preview

FrancoAngeli is member of Publishers International Linking Association, Inc (PILA), a not-for-profit association which run the CrossRef service enabling links to and from online scholarly content.

The present paper is a theoretical study on the topic of cyber risk and cyber risk management. This research represents the first step of a far deeper analysis on this topic that aims at underlining the main characteristics of cyber risk, delineating future developments in managing it and strengthening the importance of sharing information and creating a shared knowledge between countries. Good situational awareness and cyber risk analytics are vital in helping firms identify weaknesses, rank threat scenarios, identify countermeasures and set priorities for intelligence gathering. There emerges the need to improve the traditional risk management process, by considering the necessity to manage not only risks, but also uncertainties, by implementing Business Continuity Management systems with the aim to build business resilience. To do that, one possible solution might be represented by the intervention of gov-ernments with laws and frameworks that might help companies fight cyber threats.

Keywords: Cyber Risk Management, Cyber Risk, Business Continuity Manage-ment, Theoretical Paper, Globalisation, Resilience.

  1. Abbott A. (2004), Methods of Discovery: Heuristics for the Social Sciences. New York, W. W. Norton.
  2. ACFE (2011), Fundamentals of Computer and Internet Fraud, -- http://www.acfe.com/uploadedfiles/shared_content/products/self-study_cpe/fundamentals-of-computer-and-internet-fraud-2011-chapter-excerpt.pdf [Last accessed: May, 2017].
  3. Alvesson M., Kärreman D. (2007), Constructing mystery: empirical matters in theory development, Academy of Management Review, 32, pp. 1265-81. DOI: 10.5465/AMR.2007.26586822
  4. Alvesson M., Kärreman D. (2011), Qualitative Research and Theory Development. Mystery as Method, London, Sage. DOI: 10.4135/9781446287859
  5. Alvesson M., Sandberg J. (2011), Generating research questions through problematization, Academy of Management Review, 36, pp. 247-71.
  6. Alvesson M., Sandberg J. (2013), Constructing Research Questions: Doing Interesting Re-search, London, Sage. DOI: 10.4135/9781446270035
  7. Amaduzzi A. (1961), La pianificazione nell’economia dell’azienda industriale, Torino, Giappichelli.
  8. Bernoulli D. (1954), Exposition of a new theory on the measurement of risk, Econometrica, 22, 1, pp. 23-36. DOI: 10.2307/1909829
  9. Bertini U. (1987). Introduzione allo studio dei rischi nell'economia aziendale, Milano, Giuffrè.
  10. Beyer H., Sendhoff B. (2007), Robust optimization – a comprehensive survey, Computer Methods in Applied Mechanics and Engineering, 196, 33-34, pp. 3190-3218.
  11. Biener C., Eling M., Wirfs J.H. (2015), Insurability of Cyber Risk: An Empirical Analysis, Working Paper of Finance, University of St. Gallen, no. 2015/3.
  12. Boin A. (2010), Designing Resilience: Leadership Challenges in Complex Administrative Systems, in Comfort L. K., Boin A. and Demchak C. eds, Designing Resilience: Preparing for Extreme Events, 129-141, Pittsburgh, PA, Pittsburgh University Press.
  13. Boin A., Hart P., Stern E., Sundelius B. (2005), The Politics of Crisis Management: Public Leadership Under Pressure, Cambridge, Cambridge University Press.
  14. Boin A., van Eeten J.G. (2013), The resilient organisation, Public Management Review, 15, 3, pp. 429-445. DOI: 10.1080/14719037.2013.769856
  15. Brusa L. (2012), Sistemi manageriali di programmazione e controllo, Milano, Giuffrè.
  16. Capaldo P. (1965), La programmazione aziendale, Milano, Giuffrè.
  17. Chapman C.B., Cooper D.F. (1983), Risk engineering: Basic controlled interval and memory models, Journal of the Operational Research Society, 34, 1, pp. 51-60.
  18. Chessa F. (1929), La teoria economica del rischio e dell’assicurazione, Vol. I, Padova, Cedam.
  19. CIS Sapienza, CINI (2015), Italian Cyber Security Report. Un report nazionale per la cyber security, -- www.cybersecurityreport.com [Last accessed: February, 2017].
  20. Comfort L.K., Boin R.A., Demchak C., eds (2010), Designing Resilience: Preparing for Extreme Events, Pittsburgh, PA, Pittsburgh University Press.
  21. Committee of Sponsoring Organizations of the Treadway Commission (COSO), (2004). Enterprise Risk Management - Integrated Framework, Vol. 2. -- http://www.coso.org/erm-integratedframework.htm [Last accessed June 18, 2016].
  22. Corsani G. (1941), La gestione delle imprese mercantili e industriali, Padova, Cedam.
  23. Davis M. S. (1971), That’s interesting! Towards a phenomenology of sociology and a sociology of phenomenology, Philosophy of Social Sciences, 1, pp. 309-44. DOI: 10.1177/00483931710010021
  24. D'Onza G. (2008), Il sistema di controllo interno nella prospettiva del risk management, Milano, Giuffrè.
  25. Drennan L., McConnell A. (2007), Risk and Crisis Management in the Public Sector, Abingdon, Routledge.
  26. Ferrero G. (1968), Istituzioni di economia d’azienda, Milano, Giuffrè.
  27. Ferrero G. (1987), Impresa e Management, Milano, Giuffrè.
  28. Fisher I. (1919), Nature of capital and income, New York, MacMillan.
  29. Foster H. (1993), Resilience Theory and System Evaluation, in Wise J. A., Hopkin V. D., Stager P. eds, Verification and Validation of Complex Systems: Human Factor, 35-60, NATO Advanced Science Institutes, Series F: Computer and Systems Sciences, Vol. 110, New York, Springer.
  30. Giannessi E. (1960), Le aziende di produzione originaria - Le aziende agricole, Vol. I., Pisa, C. Cursi.
  31. Gigerenzer G., Hertwig R., Pachur T. (2011), Heuristics: The foundations of adaptive behaviour, 1st edition, New York, Oxford University Press
  32. Gobbi U. (1919), Trattato di Economia, Milano, Società editrice Libraria.
  33. Hardy C.O. (1931), Risk and Risk-bearing, Chicago, The University of Chicago Press.
  34. Head L.G. (2009), Risk Management – Why and How, Dallas, Texas, International Risk Management Institute.
  35. Hieb J.L. (2007), Cyber security risk assessment for SCADA and DCS networks, ISA Transactions, 46, pp. 583-594
  36. Hoffmann A., Ramaj H. (2011), Interdependent risk networks: the threat of cyber attack, International Journal of Management and Decision Making, 11, 5/6, pp. 312-323. DOI: 10.1504/IJMDM.2011.043406
  37. Kaplan R.S., Mikes A. (2012), Managing Risks: A New Framework, Harvard Business Re-view, 90, 6, 16.
  38. Kendra J., Wachtendorf T. (2003), Elements of Resilience After the World Trade Center Disaster: Reconstituting New York City’s Emergency Operations Center, Disasters, 27, 1, pp. 37-53. DOI: 10.1111/1467-7717.00218
  39. Knight F.H. (1921), Risk, Uncertainty and Profit, Boston, Houghton Mifflin Co..
  40. Laurence A.G., Loeb M.P., Sohail T. (2003), A Framework for Using Insurance for Cyber-risk Management, Communications of the ACM, 46, 3, pp. 81-85. DOI: 10.1145/636772.636774
  41. MMC Cyber Handbook (2016), Increasing Resilience in the digital economy, Global Risk Center, -- www.mmc.com [Last accessed: February, 2017].
  42. Mousavi S., Gigerenzer G. (2014), Risk, uncertainty and heuristics, Journal of Business Re-search, 67, pp. 1671-1678.
  43. Mukhopadhyay A., Chatterjee S., Saha D., Mahanti A., Sadhukan S.K. (2013), Cyber-risk decision models: To insure IT or not?, Decision Support Systems, 56, pp. 11-26.
  44. Mukhopadhyay A., Saha D., Chakrabarti B.B., Mahanti A., Podder A. (2005), Insurance for Cyber-risk: A Utility Model, Decision, 32, 1, pp. 153-169.
  45. National Institute of Standards and Technology (2017), Framework for Improving Critical Infrastructure Cybersecurity, -- www.nist.gov/cyberframework [Last accessed: February, 2017].
  46. Oberparleiter K. (1955), Funktionen und Risiken des Warenhendels, Wien, Spaeth & Linde.
  47. Öğüt H., Menon N. (2005), Cyber insurance and IT security investment: impact of interdependent risk, Fourth Workshop on the Economics of Information Security (WEIS), Harvard.
  48. Öğüt H., Raghunathan S., Menon N. (2011), Cyber security risk management: public policy implications of correlated risk, imperfect ability to prove loss, and observability of self-protection, Risk Analysis, 31, 3, pp. 497-512.
  49. Power M. (2004), The risk management of everything : rethinking the politics of uncertainty, London, Demos.
  50. Power M. (2009), The risk management of nothing, Accounting, Organizations and Society, 34, pp. 849-855.
  51. PricewaterHouseCoopers (2015), Enhancing business resilience: Transforming Cyber risk management through the role of the Cief Risk Officer (CRO), December, -- www.pwc.com/financialservices.
  52. Reid R., and Courtenay Botterill L. (2013), The Multiple Meanings of 'Resilience': An Overview of the Literature, Australian Journal of Public Administration, 72, 1, pp. 31-40. DOI: 10.1111/1467-8500.12009
  53. Ruan K. (2017), Introducing cybernomics: A unifying economic framework for measuring cyber risk, Computers & Security, 65, pp. 77-89.
  54. Sandberg J., Tsoukas H. (2011), Grasping the logic of practice. Theorizing through practical rationality, Academy of Management Review, 36, pp. 338-60. DOI: 10.5465/AMR.2011.59330942
  55. Sassi S. (1940), Il sistema dei rischi d’impresa, Milano, Vallardi.
  56. Soin K., Collier P. (2013), Risk and risk management in management accounting and control, Management Accounting Research, 24, 2, pp. 82-87.
  57. Spencer M., Siegelman L. (1964), Managerial Economics. Decision Making and forward planning, Homewood, Irvin.
  58. Sullivan-Taylor B. and Wilson D.C. (2009), Managing the Threat of Terrorism in British Travel and Leisure Organizations, Organization Studies, 30, 2-3, pp. 251-276. DOI: 10.1177/0170840608101480
  59. Torabi S.A., Giahi R., and Sahebjamnia N. (2016), An enhanced risk assessment framework for business continuity management systems, Safety Science, 89, pp. 201-218.
  60. Vale L. J., Campanella T. J. (2005), The Resilient City: How Modern Cities Recover From Disaster, Oxford, Oxford University Press.
  61. Wildavsky A. (1988), Searching for Safety, New Brunswick, NJ, Transaction Books.
  62. Willet A.H. (1901), The economic theory of risk and insurance, in Studies in History, Economics and Public Law, Vol. XIV, New York, The Columbia University Press.
  63. Woods D. D., Hollnagel E. (2006), Joint Cognitive Systems: Patterns in Cognitive Systems Engineering, Boca Raton, FL, Taylor and Francis.
  64. Zappa G. (1927), Tendenze nuove negli studi di ragioneria, discorso inaugurale dell’anno accademico 1926-27 nel R. Istituto Superiore di Scienze economiche e commerciali di Venezia.
  65. Zappa G. (1956), Le produzioni nelle economie delle imprese, Tomo I, Milano, Giuffrè.

  • A Web Platform for Integrated Vulnerability Assessment and Cyber Risk Management Pietro Russo, Alberto Caponi, Marco Leuti, Giuseppe Bianchi, in Information /2019 pp.242
    DOI: 10.3390/info10070242
  • Managing cyber risk in the financial sector: Insights from a case study Chiara Crovini, Pier Luigi Marchini, in FINANCIAL REPORTING 1/2023 pp.97
    DOI: 10.3280/FR2023-001004
  • Exploring the nexus between corporate digitalisation and environmental sustainability: The moderating role of slack resources Sebastiano Cupertino, Gianluca Vitale, in MANAGEMENT CONTROL 1/2024 pp.87
    DOI: 10.3280/MACO2024-001005
  • Dare‐to‐Share: Collaborative privacy‐preserving recommendations with (almost) no crypto Pietro Russo, Lorenzo Bracciale, Giuseppe Bianchi, in SECURITY AND PRIVACY e153/2021
    DOI: 10.1002/spy2.153
  • Ontology-Based System for Dynamic Risk Management in Administrative Domains Mario Vega-Barbas, Víctor A. Villagrá, Fernando Monje, Raúl Riesco, Xavier Larriva-Novo, Julio Berrocal, in Applied Sciences /2019 pp.4547
    DOI: 10.3390/app9214547

Chiara Crovini, Giovanni Ossola, Pier Luigi Marchini, Cyber Risk. The New Enemy for Risk Management in the Age of Globalisation in "MANAGEMENT CONTROL" 2 Suppl./2018, pp 135-155, DOI: 10.3280/MACO2018-SU2007