Cybersecurity and cyber risk in integrated and management reports of key service operators

Cybersecurity and cyber risk in integrated and management reports of key service operators

Purpose: The scope of interactive information processed and exchanged through cyberspace has grown exponentially. Therefore, there is a need to develop cybersecurity that protects this space against both internal and external threats, as well as to work out an appropriate reporting system on the cyb...

Full description

Bibliographic Details
Main Author: Aleksandra Ferens
Format: Article
Language:English
Published: Rada Naukowa SKwP 2021-07-01
Series:Zeszyty Teoretyczne Rachunkowości
Subjects:
cybersecurity
cyber risk
business model
IT security
Online Access:http://ztr.skwp.pl/gicid/01.3001.0014.9558
id doaj-aafe9ce91869493ea2ecdce9afb58a20
record_format Article
spelling doaj-aafe9ce91869493ea2ecdce9afb58a202021-07-20T16:49:24ZengRada Naukowa SKwPZeszyty Teoretyczne Rachunkowości1641-43812391-677X2021-07-01452315010.5604/01.3001.0014.955801.3001.0014.9558Cybersecurity and cyber risk in integrated and management reports of key service operatorsAleksandra Ferens0Uniwersytet Ekonomiczny w Katowicach Katedra RachunkowościPurpose: The scope of interactive information processed and exchanged through cyberspace has grown exponentially. Therefore, there is a need to develop cybersecurity that protects this space against both internal and external threats, as well as to work out an appropriate reporting system on the cybersecurity model operating in the company. The aim of the paper is to identify and assess the disclosures on cybersecurity and cyber risk in the integrated and management reports of selected companies listed on the Warsaw Stock Exchange. Methodology: The study focused on the integrated and management reports of 17 selected companies identified as operators of so-called key services. The representative sample was chosen through purposive sampling. This process was preceded by a preliminary analysis of companies listed in the WIG 30 Index, drawing on the number of integrated reports prepared by the operators of key services. The research involved an analysis of the literature and legal regulations, as well as the structure and scope of information on cybersecurity reported by the surveyed companies, along with the deductive method. The results of the analysis showed that only some companies present information on existing cyber risks and cybersecurity, while information is scattered in different parts of the business reports and non-comparable due to the lack of a unified data structure. It was noted that the reports do not contain detailed information on the activities in the field of cybersecurity, which makes it impossible to perform a multifaceted and multisectoral assessment of the results reported by the entities. Originality: The paper builds on and thus complements the scientific achievements in the field of non-financial reporting, including the business model, by identifying the shortcomings related to reporting on how to protect companies against the risk related to cyber threats in the reports to date. The study also confirms the need to improve the content of business reports with quantitative and qualitative information in this regard http://ztr.skwp.pl/gicid/01.3001.0014.9558cybersecuritycyber riskbusiness modelIT security
collection DOAJ
language English
format Article
sources DOAJ
author Aleksandra Ferens
spellingShingle Aleksandra Ferens
Cybersecurity and cyber risk in integrated and management reports of key service operators
Zeszyty Teoretyczne Rachunkowości
cybersecurity
cyber risk
business model
IT security
author_facet Aleksandra Ferens
author_sort Aleksandra Ferens
title Cybersecurity and cyber risk in integrated and management reports of key service operators
title_short Cybersecurity and cyber risk in integrated and management reports of key service operators
title_full Cybersecurity and cyber risk in integrated and management reports of key service operators
title_fullStr Cybersecurity and cyber risk in integrated and management reports of key service operators
title_full_unstemmed Cybersecurity and cyber risk in integrated and management reports of key service operators
title_sort cybersecurity and cyber risk in integrated and management reports of key service operators
publisher Rada Naukowa SKwP
series Zeszyty Teoretyczne Rachunkowości
issn 1641-4381
2391-677X
publishDate 2021-07-01
description Purpose: The scope of interactive information processed and exchanged through cyberspace has grown exponentially. Therefore, there is a need to develop cybersecurity that protects this space against both internal and external threats, as well as to work out an appropriate reporting system on the cybersecurity model operating in the company. The aim of the paper is to identify and assess the disclosures on cybersecurity and cyber risk in the integrated and management reports of selected companies listed on the Warsaw Stock Exchange. Methodology: The study focused on the integrated and management reports of 17 selected companies identified as operators of so-called key services. The representative sample was chosen through purposive sampling. This process was preceded by a preliminary analysis of companies listed in the WIG 30 Index, drawing on the number of integrated reports prepared by the operators of key services. The research involved an analysis of the literature and legal regulations, as well as the structure and scope of information on cybersecurity reported by the surveyed companies, along with the deductive method. The results of the analysis showed that only some companies present information on existing cyber risks and cybersecurity, while information is scattered in different parts of the business reports and non-comparable due to the lack of a unified data structure. It was noted that the reports do not contain detailed information on the activities in the field of cybersecurity, which makes it impossible to perform a multifaceted and multisectoral assessment of the results reported by the entities. Originality: The paper builds on and thus complements the scientific achievements in the field of non-financial reporting, including the business model, by identifying the shortcomings related to reporting on how to protect companies against the risk related to cyber threats in the reports to date. The study also confirms the need to improve the content of business reports with quantitative and qualitative information in this regard
topic cybersecurity
cyber risk
business model
IT security
url http://ztr.skwp.pl/gicid/01.3001.0014.9558
work_keys_str_mv AT aleksandraferens cybersecurityandcyberriskinintegratedandmanagementreportsofkeyserviceoperators
_version_ 1721293435460124672

Similar Items