Abstract
This study uses analytical models to investigate whether requiring cybersecurity assurance or a particular maturity level for vendors or contractors will help them improve their cybersecurity management. Our findings suggest that, if a supplier decides on its preferred cybersecurity maturity level without knowing what level a contract requires, the supplier is more likely to exert more effort to improve its cybersecurity management. We also show that a buyer can incentivize the supplier to engage in improving cybersecurity risk management by imposing a reduced contractual price or a fine when a breach occurs. Our findings reveal the role played by cybersecurity maturity level assurance and we discuss practical implications.
Original language | English |
---|---|
Article number | 100695 |
Journal | International Journal of Accounting Information Systems |
Volume | 54 |
DOIs | |
State | Published - Sep 2024 |
Keywords
- Analytical model
- Cybersecurity assurance
- Cybersecurity maturity model