Journal title FINANCIAL REPORTING
Author/s Chiara Crovini, Pier Luigi Marchini
Publishing Year 2023 Issue 2023/1
Language English Pages 29 P. 97-125 File size 201 KB
DOI 10.3280/FR2023-001004
DOI is like a bar code for intellectual property: to have more infomation
click here
Below, you can see the article first page
If you want to buy this article in PDF format, you can do it, following the instructions to buy download credits
FrancoAngeli is member of Publishers International Linking Association, Inc (PILA), a not-for-profit association which run the CrossRef service enabling links to and from online scholarly content.
Purpose: This article focuses on cyber risk as an emerging issue within the risk management process and the internal control system in the financial sector. It in-vestigates whether cyber risk management (CRM) is (dis)integrated into traditional enterprise risk management (ERM) and analyzes the external dynamics affecting the CRM design. Design/methodology/approach: This article draws upon institutional theory and the concept of boundary objects. The research examines a listed Italian bank and gathers the data from semi-structured interviews, direct observations, meet-ings, and archival sources. Findings: The findings underline that cyber risk rationale plays a crucial role in the CRM process. The interplay between institutional complexity and the need to manage cyber risk is critical for a bank to have a stable and flexible infrastructure. The knowledge boundaries related to the cyber risk culture require further cyber risk talk. Originality/value: This research furthers the understanding of cyber risk and CRM as an integral part of the ERM and internal control systems in the financial sector, in which there is a shortage of case studies. The financial sector is highly regulated, and managing cyber risk has become crucial as banks usually deal with enormous amounts of personal and sensitive data stored on networks and in the cloud. Practical implications: This case study emphasizes the crucial role of CRM in the identification and reporting of cyber risk information in annual reports.
Keywords: cyber risk management, internal control system, multi-perspective ap-proach, case study, financial sector, risk information.
Jel codes: G21, G28, M41, M48
Chiara Crovini, Pier Luigi Marchini, Managing cyber risk in the financial sector: Insights from a case study in "FINANCIAL REPORTING" 1/2023, pp 97-125, DOI: 10.3280/FR2023-001004