Linking Cybersecurity and Accounting: An Event, Impact, Response Framework

Overview

With recent high-profile cybersecurity breaches and increased practitioner and regulatory attention, organizations are under pressure to consider the accounting implications of these attacks and develop appropriate responses. Specifically, cybersecurity events may affect organizations’ operations, financial and non-financial performance, and ultimately its stakeholders. To address how cybersecurity issues may affect accounting, this paper presents an Event, Impact, Response Framework to discuss current research and consider implications for both practitioners and researchers. The Framework highlights how practitioners may rely on research findings to better assess cybersecurity threats, understand their impact, and develop response strategies. Results encourage additional research examining how (1) organizations identify cybersecurity threats, incidents, and breaches, (2) cybersecurity affects different risks, and (3) management responses to cybersecurity risks and events. The Framework also suggests the need for cybersecurity research to extend beyond the Accounting Information Systems (AIS) community to areas such as financial accounting, managerial accounting, and auditing.

Highlights

• Cybersecurity • Accounting Information Systems (AIS)

Objectives

• Apply the principles of the Event, Impact, Response Framework to evaluate how cybersecurity events may impact different aspects of an organization. • Apply research findings to develop effective response strategies for managing cybersecurity threats in an organizational context. • Apply critical thinking skills to identify areas where cybersecurity research can bridge gaps in accounting practices and extend beyond the Accounting Information Systems (AIS) community.