摘要
This study uses analytical models to investigate whether requiring cybersecurity assurance or a particular maturity level for vendors or contractors will help them improve their cybersecurity management. Our findings suggest that, if a supplier decides on its preferred cybersecurity maturity level without knowing what level a contract requires, the supplier is more likely to exert more effort to improve its cybersecurity management. We also show that a buyer can incentivize the supplier to engage in improving cybersecurity risk management by imposing a reduced contractual price or a fine when a breach occurs. Our findings reveal the role played by cybersecurity maturity level assurance and we discuss practical implications.
| 原文 | ???core.languages.en_GB??? |
|---|---|
| 文章編號 | 100695 |
| 期刊 | International Journal of Accounting Information Systems |
| 卷 | 54 |
| DOIs | |
| 出版狀態 | 已出版 - 9月 2024 |