Date of Conferral

2022

Degree

Ph.D.

School

Management

Advisor

Holly Rick

Abstract

Retail organizations are driven to improve security posture for many reasons, including meeting financial regulation requirements, mitigating threats of data breach, and differentiating themselves within markets affected by customer perception. The problem was that little was known about how these drivers of internal control, cybersecurity risk, and competitive advantage impact retail cybersecurity budgets within the retail sector. The purpose of this quantitative nonexperimental correlational study was to describe the relationship between cybersecurity budget and drivers of internal control, cybersecurity risk, and competitive advantage among U.S.-based retail merchant organizations. Real options theory provided a foundation for explaining this decision-making process. Data were collected from a web-based survey of 66 U.S. retail merchants. Results from multiple linear regression analysis indicated a positive predictive relationship between the driver of internal control and cybersecurity budget (F = 10.369, p = .002). Analysis also resulted in a regression formula by which assessment of this predictive organizational trait may be used to forecast or benchmark expected cybersecurity budget. Retail organizations may evaluate these factors to learn how they may be contributing to inefficient cybersecurity investment strategies, and security firms and regulators may develop improved tools and education initiatives by which to address drivers of underinvestment. With this information, leaders may effect social change by optimizing security investments that lead to lower prices, improved consumer privacy, and a more stable retail economy.

Share

 
COinS