The Effectiveness of Outsourcing Cybersecurity Practices: A Study of the Italian Context

Palombi G.
2022-01-01

Abstract

The increasing number of cyber-attacks requires organizational awareness of the disruptive effects of fraud attempts and acts of vandalism on business continuity and, sometimes, on company survival. The context influences the way companies use and adapt these theories in practice, so in this study we consider differences in the effectiveness of cybersecurity best practices between organizations that manage their cybersecurity processes internally and those that outsource them. We conducted a study involving 153 managers who are experts in cybersecurity and who responded to a survey on the effectiveness of NIST procedures. Results revealed significant differences in effectiveness between managing cybersecurity in-house and outsourcing it. Specifically, major differences can be observed in the variables related to the use of disciplinary processes, the protection of log information, and the use of lessons learned to improve recovery plans. These differences provide further insights for the cybersecurity management literature and a practical instrument for organizations willing to adapt their cyber processes to their organizational context.
2022
978-3-030-89911-0
Confirmatory study
Cyber risk
Externalization
Internalization
NIST framework
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.12606/10480
Citations
  • Scopus 6