Purpose of the Study

Discuss about the Influence of Counterfactual Reasoning and Trust.

This report will examine the impact of cyber security on the performance of different organizations. Data confidentiality is essential for companies as they will have to maintain the anonymity and privacy of their consumers and violation of this factor will result in loss of consumer trust and heavy penalty due to the breach of the data protection law (Dawson and Thomson 2018).  The risk involved in cyber security have increased significantly where majority of the companies are an easy prey for the hackers. The research will identify the different elements of cyber security and the factors affecting organizational performance due to cyber security. Moreover, the major challenges faced by the organizations and how they can be mitigated will also be analysed in this study.

The project objective will define the purpose of conducting the research and the outcome the project wants to achieve. The objectives for the current project are as follows:

• To identify the impact of cyber security on organizational performance
• To investigate the different elements of cyber security
• To evaluate the different components of organizational performance
• To identify the different risk factors and challenges for cyber-attack within an organization
• To recommend suitable strategies for mitigating the security challenges

The project will define the activities and outcomes of the research that will have to be achieved for the success of the project.  The project scope will consist of identifying the different factors of cyber security and their effect on the elements of organizational performance. Moreover, various challenges faced by the organization in cyber risk mitigation along the risk mitigation techniques will be identified in the study.

With the dynamic progress of business industry in different sectors organizational experts are getting dependent with the advancement of technology. By implementing advanced technology the organizations like to maintain financial database for evaluating profit and loss. Flores, Antonsen and Ekstedt (2014) opined that with the emergence of technology the rate of cyber-attack is also increasing day by day. A successful cyber-attack and security breach can cause financial damage, reputational damage and legal damage. However, this very specific study has focused to make in-depth overview about the impact of cyber security in maintaining overall organizational performances. Numerous eminent scholars have provided their own point view regarding the research issue based on which an effective critical analysis is conducted.

As emphasized by Safa et al. (2014), cyber security is the systematic technique for securing computer networks, protecting database from being accessed unauthorized way. Four major areas are there that are covered within cyber security. The areas include application security, information security, disaster security and network security. Application security protects the application design, deployment and upgrade or maintenance. Information security primarily protects information by preventing the unauthorized persons for accessing devices. As stated by Soomro, Shah and Ahmed (2016), network security implies the usability, integrity and safety of network. By using anti-virus software and Virtual Private Networks the act of cyber-attack can be reduced. While evaluating the case study on research issue it is observed that large numbers of organizations are there who are using their devices without protecting passwords.

Objectives of the Project

On the other hand, issue has also been identified that business experts are sharing their files without making proper encryption. As a result, organization has to face challenges in maintaining data security. Ainin et al. (2015) opined that data is getting leaked in front of third party that resulted a serious harm in maintaining the overall reputation of business. As the device are not properly password protected any unauthorized person could access organizational data be it financial or internal business record. Sometimes, financial database is firmly manipulated based on which the financial experts could not maintain the proper financial data for evaluating profit and loss. As a result, it ultimately becomes the cause of financial damage and well as damage of reputation. Ifinedo (2014) stated in this occasion, the organization would not be able to sustain their image and reputation due to the lack of data security. In this kind of situation, large numbers of practitioners and researcher has raised their voice for maintaining cyber security technology for overcoming organizational damages. As a result, both the service providers as well as service users of an organization would get equal benefits and facilities.     

Lowry et al. (2014) opined that amidst four major areas of cyber security the business experts have to face insecure immensely in maintaining information security due to the lack of proper password protection on devices. In the year 2016 of December Yahoo highlighted the fact that over one billion accounts had been compromised due to security breach. In 2017 the incident of data breaches has been raised up to 30%. In spite of the proliferation of cyber-attack capabilities as well as their potential implications, large numbers of organizations are there who are still performing poorly with respect to cyber security management. Metrication method and theory believes that data variables should be combined for producing a meaningful result. As per the concept of Metrication user should supply the system architecture by reducing the risk factors. With the gradual growth of criminal activities users should implement anti-virus software on business devices. As a result, there is least opportunity in being theft of necessary data and information. In order to run the entire process of business every organization has to maintain several acts and regulations at the workplace. Siponen, Mahmood and Pahnila (2014) opined that Data protection act is one of the most significant regulations due to which the business experts have to secure their organizational data by keeping cyber security on devices. However, breach of data in the current business scenario is a familiar incident. Emergence of malware, virus on computer is the most valid reasons because of which business experts fail to maintain data protection act at the workplace properly. However, this particular incident has major negative effective on the overall growth of business performance.

Scope of the Project

Data protection is the most prominent impact of cyber security based on which organization can easily maintain their confidentiality of business record. Pathan (2016) opined that maintaining database is not only about maintaining financial facts and figures about profit and loss. The entire record of organizational hierarchy, the individual detail of internal as well as external stakeholders is saved. In this kind of situation, if an unauthorized person is able to access confidential data of an organization it would certainly cause financial as well as reputational damage. In addition, cyber security is able to protect computers against virus, malware, worms, spyware and so on. Protecting the project networks and resources is the primary role of cyber security. However, Ifinedo (2014) has also stated that implementing cyber security on devices is not one time investment. If the organization intends to get the result of cyber security continuously the business experts need to update the software time to time. Otherwise, the process of cyber security will become invalid.

The entire literature review has provided critically analysis about the impact of cyber security on overall performance of organization. The study has critically evaluated that the emergence of technology the rate of cyber-attack is also increasing day by day. A successful cyber-attack and security breach can cause financial damage, reputational damage and legal damage (Soomro, Shah and Ahmed 2016). However, in the very specific literature review the study did not focus to analysis which the business experts are unable to maintain cyber security while using advanced devices. Lack of proper financial strength is one of the most effective reasons due to which data is not protected properly within organization. The study has avoided making critical review about the factors that affect in maintaining cyber security at business floor.

• What is the impact of cyber security on organizational performance?

• What are the different elements of cyber security?
• What are the different components of organizational performance?
• What are the different risk factors for cyber-attack within an organization?

H0: Cyber security has no positive influence on the performance of an organization

H1: Cyber security has positive influence on the performance of an organization

The study will follow the research onion developed by Saunders to provide justification for choosing each of the methods and frameworks in the study. This model will provide an effective way of designing the methodology for the given project.  The research methodology is selected based on the nature of the study and the purpose of the research (Lewis 2015). This study is an applied research where a definitive conclusive will be derived and the outcome of the study will used by the managers in different organizations to reduce the challenges faced by the organizations.

Introduction to Cyber Security

In this current study, mixed method will be used to conduct the research and so two research designs will be used for developing relevant findings.  The different research designs are exploratory, explanatory and conclusive but in this study due to the use of mixed method, sequential explanatory is the appropriate research resign (Hintze 2015). The sequential explanatory design will conduct the quantitative analysis of data and then the qualitative analysis will be conducted to support the findings of the quantitative analysis.

The research philosophy provides a clear understanding of the methods and assumption taken in to the study to collect and examine the data.  The different research philosophies are positivism, realism, pragmatism and interpretivism (Taylor, Bogdan and DeVault 2015). However, in this study pragmatism has been chosen as the research philosophy as it will accept multiple theories for evaluating the collected dataset.  Pragmatism accepts all possible outcomes if proper validations is provided so pragmatism assumes that interpretation of research are different in different cases as existence of multiple realities is possible. Therefore, pragmatism will facilitate in modifying the different philosophical assumptions and as a result the assumptions will be shifted to a different position on the continuum.

There are mainly two different research approaches, one is inductive approach and other is the deductive approach. In this study, deductive approach has been chosen as it will assist in evaluating the existing theories (Mackey and Gass 2015). The inductive approach is used to develop new frameworks and theories. The scope of observation can be improved by using the deductive approach.

The qualitative study will conduct primary data collection and analysis where the open ended questionnaire will be developed to interview the higher level of management within an organization (Palinkas et al. 2015). The questionnaire will be semi structured and patterns within the answers of the management level of employees will provide a diverse dimension to the study. Therefore, in qualitative analysis content analysis will be conducted for developing findings.

Sampling is a method of reducing the population size for the ease of analysis of the data. There are two types of sampling methods in the study, one is probabilistic sampling and other non-probabilistic sampling (Bryman and Bell 2015). In the qualitative analysis of data, non-probabilistic sampling will be used where initially 15 respondents were selected but the sample size has been reduced to 10 higher level managers.

The validity and reliability of qualitative data is a key factor for the success of the project. It is difficult to maintain the reliability and validity of qualitative data as human interaction is an important component in qualitative analysis (LoBiondo-Wood and Haber 2014). Therefore, data sets will be collected multiple times to check whether similar result has been obtained using the qualitative analysis. Moreover, the reliability of the qualitative data is evaluated by examining the extent to which the prescribed methods are being used.

Factors Affecting Organizational Performance Due to Cyber Security

In quantitative data analysis primary data will be collected through survey and the questionnaire will consist of close ended questions. The questions will be asked to the employees that belong to the lower level of hierarchy in different organizations (Dumbach 2014).  The collected data will be statistically analysed where the frequency of the responses will be represented through graphs and charts. The descriptive statistics will provide the mean, median and mode. The regression analysis will evaluate the degree and nature of relationship between cyber security and organizational performance. The study will use Ms Excel as the tool for statistical analysis.

Sampling is more prevalent in quantitative data analysis and conducting a survey will consist of gathering data from a large population. Therefore, in this currents study, simple random sampling will be used to select 100 sample respondents out of 300 respondents (Sekaran and Bougie 2016). These 100 respondents will represent the overall population where randomization will be used to provide all the respondents equal opportunity of being selected for the study.

Reliability is the ability of the research design to replicate the result using different sample set. In this study, test rated reliability will be used where multiple samples will be collected to check the accuracy and precision of the results (Heale and Twycross 2015). On the other hand, validity will be consist of evaluate the appropriateness of the different methodologies used in the study. The research will emphasize on validity and reliability so that ideal result is developed form the study.

Research ethics is important for any research and in this study the anonymity of the respondents will be maintained and all the requirements of the data protection act will be followed. The respondents will be educated about the reason for conducting the research and none of them will be forced to take part.

In this current research no particular sector or organization has been selected so the scope of the study is broad and as cyber security challenges will be different in various operating environment due to the diverse online data protection laws in diverse countries.  Therefore, the findings will be generalized and may not hold true for some companies operating in different operating environment. Moreover, the study has also avoided selecting a particular organization or sector so industry specific implications cannot be obtained.

Main activities/ stages	Week1	Week2	Week3	Week4	Week5	Week 6
Topic Selection	ü
Data collection from secondary sources	ü	ü
Framing layout of the research		ü
Literature review		ü	ü	ü
Formation of the research Plan			ü	ü
Selection of the Appropriate Research Techniques				ü	ü
Primary data collection					ü	ü
Analysis & Interpretation of Data Collection					ü	ü
Conclusion of the Study						ü
Formation of Rough Draft						ü
Submission of Final Work						ü

Conclusion

The study has developed effective project objectives, research questions, hypothesis and methodology for conducting the research.  The research will be able to develop significant result if the prescribed methodology is followed. Cyber security has become one of the biggest concerns for different organizations due to the increase in data breach activities in the past couple of years. Therefore, the findings can be quite significant and have an in depth practical implication in the market.

Challenges Faced by Organizations in Cyber Risk Mitigation

Reference List

Ainin, S., Parveen, F., Moghavvemi, S., Jaafar, N.I. and Mohd Shuib, N.L., 2015. Factors influencing the use of social media by SMEs and its performance outcomes. Industrial Management & Data Systems, 115(3), pp.570-588.

Bryman, A. and Bell, E., 2015. Business research methods. Oxford University Press, USA.

Dawson, J. and Thomson, R.H., 2018. The Future Cyber Workforce: Going Beyond Technical Skills for Successful Cyber Performance. Frontiers in Psychology, 9, p.744.

Dumbach, M., 2014. Data collection and analysis. In Establishing Corporate Innovation Communities (pp. 70-78). Springer Gabler, Wiesbaden.

Flores, W.R., Antonsen, E. and Ekstedt, M., 2014. Information security knowledge sharing in organizations: Investigating the effect of behavioral information security governance and national culture. Computers & Security, 43, pp.90-110.

Heale, R. and Twycross, A., 2015. Validity and reliability in quantitative studies. Evidence-based nursing, pp.ebnurs-2015.

Hintze, S., 2015. Research Design and Methodology. In Value Chain Marketing (pp. 53-68). Springer, Cham.

Ifinedo, P., 2014. Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition. Information & Management, 51(1), pp.69-79.

Lewis, S., 2015. Qualitative inquiry and research design: Choosing among five approaches. Health promotion practice, 16(4), pp.473-475.

LoBiondo-Wood, G. and Haber, J., 2014. Reliability and validity. Nursing research-ebook: Methods and critical appraisal for evidencebased practice. Missouri: Elsevier Mosby, pp.289-309.

Lowry, P.B., Posey, C., Bennett, R.B.J. and Roberts, T.L., 2015. Leveraging fairness and reactance theories to deter reactive computer abuse following enhanced organisational information security policies: An empirical study of the influence of counterfactual reasoning and organisational trust. Information Systems Journal, 25(3), pp.193-273.

Mackey, A. and Gass, S.M., 2015. Second language research: Methodology and design. Routledge.

Palinkas, L.A., Horwitz, S.M., Green, C.A., Wisdom, J.P., Duan, N. and Hoagwood, K., 2015. Purposeful sampling for qualitative data collection and analysis in mixed method implementation research. Administration and Policy in Mental Health and Mental Health Services Research, 42(5), pp.533-544.

Pathan, A.S.K. ed., 2016. Security of self-organizing networks: MANET, WSN, WMN, VANET. CRC press.

Safa, N.S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N.A. and Herawan, T., 2015. Information security conscious care behaviour formation in organizations. Computers & Security, 53, pp.65-78.

Sekaran, U. and Bougie, R., 2016. Research methods for business: A skill building approach. John Wiley & Sons.

Siponen, M., Mahmood, M.A. and Pahnila, S., 2014. Employees’ adherence to information security policies: An exploratory field study. Information & management, 51(2), pp.217-224.

Soomro, Z.A., Shah, M.H. and Ahmed, J., 2016. Information security management needs more holistic approach: A literature review. International Journal of Information Management, 36(2), pp.215-225.

Taylor, S.J., Bogdan, R. and DeVault, M., 2015. Introduction to qualitative research methods: A guidebook and resource. John Wiley & Sons.