Abstract
Purpose – This paper aims to update the cybersecurity-related accounting literature by synthesizing 39 recent theoretical and empirical studies on the topic. Furthermore, the paper provides a set of categories into which the studies fit. Design/methodology/approach – This is a synthesis paper that summarizes the research literature on cybersecurity, introducing knowledge from the extant research and revealing areas requiring further examination. Findings – This synthesis identifies a research framework that consists of the following research themes: cybersecurity and information sharing; cybersecurity investments; internal auditing and controls related to cybersecurity; disclosure of cybersecurity activities; and security threats and security breaches. Practical implications – Academics, practitioners, and the public would benefit from a research framework that categorizes the research topics related to cybersecurity in the accounting field. This type of analysis is vital to enhance the understanding of the academic research on cybersecurity and can be used to support the identification of new lines for future research. Originality/value – This is the first literature analysis of cybersecurity in the accounting field, and it has significant implications for research and practice by detailing, for example, the benefits of and obstacles to information sharing. This synthesis also highlights the importance of the model for cybersecurity investments. Further, the review emphasizes the role of internal auditing and controls to improve cybersecurity.
Highlights
The increasing use of digital technologies among companies has emphasized the importance and role of cybersecurity as a new risk management dimension, not least because cyber threats and risks have attracted significant attention from the public (Amir et al, 2018; Li et al, 2018)
Internal auditing faces the need to adapt once again to address the critical risks associated with cybersecurity (e.g. IIA, 2018), and this study emphasizes that cybersecurity has become more and more important for accounting and public policy
Every organization should implement a cybersecurity program or a cybersecurity strategy. This applies to countries and jurisdictions, and it was argued that it is essential for countries to publish national cybersecurity strategies
Summary
The increasing use of digital technologies among companies has emphasized the importance and role of cybersecurity as a new risk management dimension, not least because cyber threats and risks have attracted significant attention from the public (Amir et al, 2018; Li et al, 2018). Cybersecurity is more often acknowledged as a severe organizational concern best addressed by integrating it as a part of managerial control system (Gordon et al, 2008) This development is partly because of enforcement and supervision by regulatory authorities (SEC, 2018ab), and partly because of increased guidance from the Big 4 accounting firms and audit industry organizations (AICPA, 2018a, 2018b); market discipline plays a part (Gordon et al, 2010, 2011; Berkman et al, 2018; Amir et al, 2018). It explicitly stated that the goal of the reporting framework is to provide a means by which organizations can communicate useful information regarding their cybersecurity risk management programs to stakeholders. The cybersecurity report includes the following three key sets of information:
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
