
IMPLICATIONS ON MANAGING CYBER SECURITY RISKS FACED BY

BUSINESS ENTERPRISES IN AVOIDING FINANCIAL

DATA BREACHES

Research Proposal

Submitted to the Faculty of the

College of Economics, Management, and Development Studies

Cavite State University

Indang, Cavite

In partial fulfillment

of the requirements for the degree

Bachelor of Science in Accountancy

CHARLENE DEE G. OBAÑA

BS Accountancy 3-4

December 2022
Republic of the Philippines
CAVITE STATE UNIVERSITY
DON SEVERINO DE LAS ALAS CAMPUS
Indang, Cavite
www.cvsu.edu.ph

COLLEGE OF ECONOMICS, MANAGEMENT, AND DEVELOPMENT STUDIES

Department of Accountancy

Author: CHARLENE DEE G. OBAÑA

Title: IMPLICATIONS ON MANAGING CYBER SECURITY RISKS FACED BY

BUSINESS ENTERPRISES IN AVOIDING FINANCIAL

DATA BREACHES

APPROVED:

DOLORES L. AGUILAR, CPA, DBA


Adviser Date

DOLORES L. AGUILAR, CPA, DBA


Department Chairperson Date

EDRIANE E. SERRANO MARY GRACE A. ILAGAN


Technical Critic Date College Research Coordinator Date

TITA C. LOPEZ, PhD


Dean Date
TABLE OF CONTENTS

TITLE PAGE

APPROVAL SHEET

INTRODUCTION

Statement of the Problem

Objectives of the Study

Significance of the Study

Scope and Limitations of the Study

Definition of Terms

Theoretical Framework

Conceptual Framework

REVIEW OF RELATED LITERATURE AND STUDIES

METHODOLOGY

Research Design

Hypotheses

Sources of Data

Sampling Technique

Data Gathering Procedure

Statistical Treatment of Data

REFERENCES

IMPLICATIONS ON MANAGING CYBER SECURITY RISKS FACED BY
BUSINESS ENTERPRISES IN AVOIDING FINANCIAL
DATA BREACHES

Charlene Dee G. Obaña

An undergraduate thesis submitted to the faculty of Department of Accountancy,


College of Economics, Management and Development Studies, Cavite State University
Indang, Cavite in partial fulfillment of the requirements for the degree of Bachelor of
Science in Accountancy with Contribution No. Prepared under the
supervision of Dr. Dolores L. Aguilar, CPA.

INTRODUCTION

Many business enterprises have been transitioning to digital, considering that technological advancements contribute major significance to the daily operations of a business. As these digital tools continue to bring reliance on and accessibility of information within and outside the company, cybersecurity threats and attacks arise, making cyber exposures and financial data breaches inevitable.

As stated by the Institute of Risk Management, cybersecurity risk can mean any risk of financial loss, disruption, or damage to the reputation of an organization from some sort of failure of its information technology systems (cited in IRM Cyber Risk: Executive Summary, 2014). Several factors contribute to how cyber threats happen. In the study by Dr. Veena S. et al. (2018), cyber risks may occur due to natural disasters, technical collapses, or accidental or intentional acts. Some are misuse, violation of permissions, and overloading of the network. Threats to the company's safety might come internally and externally. Insiders such as employees, partners, clients, suppliers, and contractors having access to business-critical assets, and even outsiders such as organized criminals or criminal groups, professional hackers, and amateur hackers, can be the reason behind these actions (Invest Northern Ireland).

Cybercrimes are usually motivated by financial gain, and losses continue to

increase every year. According to the J.D. Power 2016 Cyber Insurance Pulse Study,

companies lose about $188,400 from cyber-related attacks annually. These attacks

are most likely to increase over the next two years, as ThoughtLab executives envision

that these risks are primarily rooted in software misconfigurations (49%), human error

(40%), poor maintenance (40%), and unknown assets (30%). It has been a growing

concern for many experts since many studies revealed that a high percentage of

organizations are unprepared to face cyber threats. In a study, Cybersecurity Solutions

for a Riskier World, by B. A. Hamilton et al. (2022), about 29% of CEOs and CISOs

and 40% of chief security officers disclosed their organizations' unpreparedness for a

rapidly changing threat landscape. "The reasons cited include the complexity of supply

chains (44%), the fast pace of digital innovation (41%), inadequate cybersecurity

budgets and lack of executive support (both 28%), a convergence of digital and

physical assets (25%), and shortage of talent (24%)," (cited in ThoughtLab, 2022).

While these factors have caused damage, what mainly concerns organizations in the Philippines is data loss (70%) among other participants (Kroll, October 2022). Recently, in the Philippines, the Bank of the Philippine Islands (BPI) experienced a system glitch that caused it to receive complaints from its account holders. According to a news article in The Manila Times, customers encountered duplicate transactions, deductions, and unauthorized withdrawals on their accounts (A. Cua and E. Gomez, 2023). Since these incidents happen daily, the Bangko Sentral ng Pilipinas (BSP) has brought about reporting within two hours of first detecting the crime to stop cyber-related crimes or internal operational glitches from spreading (L. Chipongian, 2023). The BSP said this is necessary due to the “speed of exploitation, a proliferation of attack tools and actors, and potentially massive extent of the damage” (cited in Manila Bulletin, 2023).

As financial data breaches have been an issue globally, enterprises should practice countering these threats by maintaining data integrity, security, and confidentiality. "93% of cybersecurity professionals agree that humans and technology need to work together to detect and respond to threats" (M. Williams, 2018). It also stated that security-related risks are reduced by 70% when businesses invest in cybersecurity training and awareness. It is therefore critical to have proper knowledge of management and security plans. Cyber risk management is thus a helpful strategy for identifying areas of vulnerability in order to minimize risks and prevent revenue loss from compromised data and resources (M. Adams, 2022). This study will seek the implications of how these issues, mainly faced by business enterprises, could be overcome.

Statement of the Problem

The researcher aims to answer the following research questions:

1. What types of cybersecurity risks are the selected enterprises mainly facing?

2. What types of cybersecurity tools are present in the organization?

3. What cybersecurity solutions are used by the selected enterprises?

4. Is there any significant relationship between:

a. the estimated cost of the company's intended cybersecurity tools and their

percentage of cybersecurity effectiveness,

b. the average lost revenue the company incurs from security breaches and

the elapsed time of recovery from cybersecurity attacks, and

c. the regularity of employee training and monitoring concerning cybersecurity

and how frequently insider threats happen?

Objectives of the Study

The objectives of the study are the following:

1. To determine the types of cybersecurity risks that selected business

enterprises are mainly facing.

2. To find out the cybersecurity tools used by the selected organizations.



3. To determine the cybersecurity solutions used by the enterprise.

4. To assess if there is any significant relationship between:

a. the estimated cost of the company's intended cybersecurity tools and their

percentage of cybersecurity effectiveness,

b. the average lost revenue the company incurs from security breaches and

the elapsed time of recovery from cybersecurity attacks, and

c. the regularity of employee training and monitoring concerning cybersecurity

and how frequently insider threats happen.

Significance of the Study

As technology brings more proficiency to people, cyber threats increase alongside it. Hence, it is vital for companies to embrace new ideas and strategies in dealing with these risks and to keep up with changes. This research will bring the utmost advantage to the researcher, and it will also be beneficial to whoever seeks it, particularly those related to and affected by this study.

Legal and regulatory bodies. The information in this research can be

beneficial in developing laws and regulations and in recognizing and resolving issues

faced by business enterprises. It will help to enhance the implemented rules and keep

up with the constant changes in circumstances in the digital world.

Business enterprises. This study mainly benefits businesses, particularly in

managing cybersecurity risks. It will provide them with information on ensuring safety

and security amidst financial data breaches.

IT security managers. At the end of this research, these experts will also be beneficiaries by seeing the perspective of other companies on how they cope with cybersecurity risks. It will help them gain new knowledge from others' experiences and practices and adapt these in observing operations.



Management. This study will help to build on a better foundation of internal

control. By seeing possibilities and implications, management can have much more

secure governance in maintaining integrity within the organization.

Future researchers. This research can be a reference and give additional

knowledge to those who wish to conduct a study related to cybersecurity. It will enable

the researcher to be resourceful and bring significance to this field, and to further expand

the scope and shed light on issues overlooked in this study.

Scope and Limitations of the Study

This study focuses on the implications of managing cybersecurity risks faced by business enterprises. It aims to look at the tools, solutions, and types of risks faced by the fifteen (15) conveniently selected participating business enterprises with existing cybersecurity, with the intent of avoiding financial data breaches. The study will also aim to correlate the estimated cost of the company's intended cybersecurity tools and their percentage of cybersecurity effectiveness. Furthermore, the research will assess if there is any significant connection between the average lost revenue the company incurs from security breaches and the elapsed time of recovery from cybersecurity attacks, as well as between the regularity of employee training and monitoring concerning cybersecurity and how frequently insider threats happen in the organization.

This study will not discuss the questions excluded and overlooked in this research. It will be limited to fifteen (15) locally available business enterprises with prior experience regarding cybersecurity threats. Matters beyond the stated framework of this research will not be tackled.

Definition of Terms

The terminologies below were expounded for a clearer and better

understanding of the study.



Types of cyber risks (A. Ghadge et al., 2020)

Physical threats. Disruption to the functioning or deliberate damaging or theft

of physical infrastructure components. The physical dimension includes tangibles such

as switches, servers, routers and other ICT devices.

Breakdown. Not deliberate; systems or resources breaking down, such as

outdated firewalls or landing pages.

Indirect attacks. Denial of service or password sniffing. In indirect attacks, the attackers lay out ‘bait’ which enables them to access the target system.

Direct attacks. Virus attack/ hacking attacks impacting the operations,

counterfeit products, and spoofing attacks.

Insider threats. Carelessness, lack of awareness, intentions, or indebted

accidents by employees.

Types of cybersecurity tools (BrainStation Inc., n.d.)

Network security monitoring tools. These tools are used to analyze network

data and detect network-based threats. Examples of tools include Argus, Nagios, P0f,

Splunk, and OSSEC.

Encryption tools. Protect data by scrambling text so that it is unreadable to

unauthorized users. Examples of tools include Tor, KeePass, VeraCrypt, NordLocker,

AxCrypt, and TrueCrypt.

Web vulnerability scanning tools. These software programs scan web

applications to identify security vulnerabilities including cross-site scripting, SQL

injection, and path traversal. Examples include: Burp Suite, Nikto, Paros Proxy, and

SQLMap.

Penetration testing. Simulates an attack on a computer system in order to

evaluate the security of that system. Examples are: Metasploit, Kali Linux, Netsparker,

and Wireshark.

Antivirus software. Designed to find viruses and other harmful malware, including ransomware, worms, spyware, adware, and Trojans. Examples are: Norton 360, Bitdefender Antivirus, Norton AntiVirus, Kaspersky Anti-Virus, and McAfee Total Protection.

Network intrusion detection. Monitors network and system traffic for unusual

or suspicious activity and notifies the administrator if a potential threat is detected.

Packet sniffers. Used to intercept, log, and analyze network traffic and data.

Examples of tools include Wireshark, Tcpdump, and Windump.

Firewall tools. A network security device that keeps track of and filters

incoming and outgoing network traffic in accordance with the security guidelines

previously established by the company.

Managed detection services. Analyze and proactively detect and eventually

eliminate cyber threats. Alerts are investigated to determine if any action is required.

Types of cybersecurity solutions (PurpleSec, 2022)

Endpoint Detection and Response (EDR). Network-connected computing

devices, capable of communicating with other points and devices across the network.

Such devices come in many forms, from PCs, tablets, and mobile phones to smart

vehicles and light bulbs.

Security Information and Event Monitoring (SIEM). Gathers log and event

information from a growing number of infrastructure-wide data sources (applications,

network and endpoint security tools, cloud monitoring tools, identity providers, etc.).

After that, this data is examined using established threat detection algorithms and

queries to spot illegal or suspect activity.

Artificial Intelligence & Machine Learning (AI & ML). Represents an

important evolution in computer science and data processing. The goal is to simulate

natural intelligence to solve complex problems. AI is decision-making. ML allows

systems to learn new things from data.

Virtual Private Network (VPN). VPNs encrypt your internet traffic and disguise

your online identity. This makes it more difficult for third parties to track your activities

online and steal data.



Managed Detection & Response (MDR). A cybersecurity strategy focused on

detecting cyber-attacks before they reach a critical stage. MDR relies on cloud

computing, which provides important information about a threat and how it was

detected. MDR takes this information and creates defensive measures to combat the

attack.

Theoretical Framework

The Global Cybersecurity Index (GCI) Conceptual Framework. The GCI is a project that seeks to precisely assess the state of cybersecurity progress in each nation state. The ultimate objective is to support the development of a culture of cybersecurity around the world and its incorporation into the foundation of information and communication technology. The International Telecommunication Union (ITU) and the business ABI Research are the organizations that started the initiative.

Political, criminal, terrorist, and hacktivist groups are only a few of the many,

well-organized, and diversified types of cybercriminals. As they gain knowledge and

expertise, the instruments at their disposal get more complex and advanced, and the

increasing number of interconnected platforms only serves to provide new attack

opportunities. There is no turning back to earlier eras. Cybersecurity must be a vital

and unbreakable component of the process of embracing technological advancement.

The GCI's long-term goal is to promote additional initiatives for the adoption

and integration of cybersecurity on a global level. Comparing national cybersecurity

plans will show which states excel in particular areas, exposing less well-known but

effective cybersecurity strategies. This may lead to more information being shared

about implementing cybersecurity for those states with varying levels of development.

The index will enable states to evaluate where they are on a scale of development,

where they need to make additional improvements, and how far they are from adopting

an acceptable degree of cybersecurity by measuring the level of cybersecurity

preparedness in various areas. The development of more secure and resilient



infrastructure can be made possible by early adoption of cybersecurity as all states

move toward a more digital and connected world. (International Telecommunication

Union, 2018)

This project bases its logical theory on the future of cybersecurity risks. Their

goal is to develop cybersecurity management globally, which supports the concepts of

this study. Managing cybersecurity risks around the world needs global participation.

Hence, this research is motivated by the objective of this logic.

Conceptual Framework

Below is a flowchart of processes that illustrates the conceptual framework and shows the considerable correlation between the expected cost of the company's intended cybersecurity tools and their contribution to cybersecurity effectiveness. The graph also demonstrates the relationship between the amount of time it takes to recover from cybersecurity attacks and the average lost revenue that a company incurs as a result of security breaches. In a similar manner, it is used as a measure of the relation between the regularity of employee training and monitoring concerning cybersecurity and the frequency of insider threats. Finally, the illustration represents the connection of these variables to the aim of cybersecurity risk management.

Figure 1. Conceptual framework of the study



REVIEW OF RELATED LITERATURE AND STUDIES

After an extensive and thorough investigation of both local and international

sources, the researcher summarizes the relevant literature and studies in this chapter.

Importance of Cybersecurity on Business

For businesses, cybersecurity is crucial since it increases overall productivity.

For instance, there should be professionals who are aware of how to prevent viruses

from harming computers. Otherwise, companies risk losing a significant amount of

time-sensitive business hours because a hack could stop the production. It would also

waste the time and effort of the workers, which would ultimately result in inefficiency.

Security is therefore essential for corporate productivity (Dhaval, 2021).

Aside from that, a business's reputation is damaged by cyberattacks because

they have a big impact on how customers perceive the business. Customers who have

supported a brand or company for decades will gradually start doing business with

rivals. Its significance is due to the fact that data security and privacy are crucial in

today's society. Customers will stop trusting a corporation if it doesn't protect their data

(Din, 2022).

The importance of cyber security should never be overlooked by businesses.

Data breaches can happen at any time, even to the most technologically advanced

organizations, therefore businesses should never feel too confident in the security of

their corporate data given the rising number of cyber threats (Linao, 2022).

Impact of Financial Data Breaches

In the short term, a data breach could result in urgent repair as well as any fines

related to the information that cybercriminals may have obtained. In the short term, a

cyber insurance provider can assist organizations with root cause analysis, pay for the

costs of reporting a breach, and in some situations, cover the reputational harm caused

by the breach. The effects of a data breach, however, are always there in the long run

(Johnson, 2022).

A data leak might be the end of a company. Since 60% of SMBs will close their

doors within six months of the attack, this is very alarming for SMBs. Even though

larger businesses and agencies probably won't have to close their doors, they

nonetheless face serious consequences (Poremba, 2021).

The macroeconomy has undoubtedly been harmed by the cost of breaches.

Every organization, meanwhile, takes a moment to sit down and create its budget at

least once a year. Strong security is becoming a mission-critical need. Business

executives must make difficult decisions as the cost of data breaches keeps rising.

Prices for goods and services will rise if the cost of doing business increases as a

result of security worries (Reed, 2022).

Relation of Accounting to Cybersecurity

Some people believe that the accounting life cycle and data security are

unrelated. That is factually incorrect. For instance, in addition to hacking, financial data

dangers can also involve mistakes and unintended data breaches, necessitating

complex solutions to protect data. Accountants and accounting firms are aware that

financial data breaches pose a threat to their livelihood, company expansion, client

relationships, and other factors. The same account information that is used to track

debits and credits is also susceptible to viruses and other bad behavior (Accounting

Insights, 2021).

The dangers of ignoring cybersecurity vulnerabilities in accounting are serious.

Accounting firms run the risk of losing money, clients, and their reputation if they don't

have strong defenses. A cyberattack can result in substantial downtime for

organizations while systems are being held for ransom, as well as high costs for

warning customers, evaluating the assault, repairing the damage, and paying for

monitoring (AbacusNext, n.d.).



Even though cyberattacks are a threat to most businesses, accountants are

particularly vulnerable since their systems store enormous amounts of confidential and

sensitive client information. Financial records, tax ID numbers, bank account

information, salary information, investment data, future plans, and intellectual property

are the most common types of this. Access to this crucial data will be highly motivated

for any cybercriminal (Dinu, 2022).

Internal Control to Mitigate Cybersecurity Risks

The development of internal controls that guarantee processes, policies, and

procedures are made to preserve valuable corporate assets and keep the business

secure and intact is one of the most efficient approaches to ensure that the

organization is taking the right actions to reduce risks. Internal controls give employees

the resources they need to do their duties in a way that safeguards the company's

reputation, its customers, and its financial health (ZHAO, 2022).

Like any businesses, family offices need to be cautious about the risks posed

by current and former employees as well as their connections with outside vendors,

especially those who have some level of access to management firm data (Deflin,

2019).

Managers and accountants are not unfamiliar with the need to build and assess

the working efficiency of controls meant to manage the risks of a company. Enterprise

Risk Management (ERM)—Integrated Framework, developed by the Committee of

Sponsoring Organizations of the Treadway Commission (COSO), is frequently used

by businesses to identify significant risks that could negatively affect the

accomplishment of business strategies as well as to design controls to address and

monitor these risks. Managers and auditors assess the design and operational efficacy

of systems of internal control over financial reporting using COSO's Internal Control—

Integrated Framework (ICFR) (Abdullah Al-Moshaigeh, 2019).



Cybersecurity Challenges Faced by Enterprises

A 2018 InsuranceBee poll of small business owners reveals that 54% of them

don't have a strategy in place to fend off cyberattacks. People with the appropriate

computer training and expertise have many opportunities to have a real impact in the

fight against cybercrime because of this lack of readiness and other industry-related

considerations (University of North Dakota, n.d.).

Another study that surveyed more than 500 cybersecurity professionals found

that 57% of them stated their organization was affected by a lack of cybersecurity

capabilities, with just over 10% stating it had a substantial impact. Modern tactics and

a well-trained cybersecurity workforce are required to combat the growing cyber

threats. Companies are having trouble locating people with the necessary

qualifications and equipment to secure their network infrastructures (Riley, 2022).

There's no denying the fact that the number of people doing remote work has

significantly increased. When determining whether to reopen their offices or opt for a

remote workforce, many businesses are choosing to implement hybrid work models

as the pandemic continues to have an impact on communities around the world. The

cybersecurity threats for remote workers are multiplied and expanded as a result of a

distributed work environment. Security breaches are significantly more likely to occur

when remote workers use their home networks (Partida, 2021).

Reasons Behind Cyber Attacks

A majority of cyberattacks—nearly three-quarters—are primarily conducted for

financial gain. Examples include stealing money straight from financial accounts,

obtaining credit card information, creating data breaches, demanding ransom, and

more. After declining to pay the ransom and giving in to the blackmailers' threats, many

businesses went down (LIFARS, 2020).

Some cybercriminal organizations target major corporations using their hacking skills. They are typically driven by some form of cause, such as raising awareness of human rights issues or warning a major firm about system vulnerabilities. They might also face off against organizations whose views differ from their own (Mottl, 2022).

Unfortunately, one of the biggest sources of a data breach isn’t some unknown

or forgotten security bug, it’s human error. According to statistics from a CompTIA

study cited by shrm.org, “Human error accounts for 52 percent of the root causes of

security breaches.” (Data Breach 101: Top 5 Reasons it Happens, n.d.)

Cyber Security in the Philippines

The Cybercrime Prevention Act (CPA) of 2012, also known as Republic Act

10175, is a law on cybersecurity in the Philippines that penalizes cybercriminals who

misuse and abuse all ICT devices, including unauthorized access to information on

them and all activities carried out on and through the Internet for malicious and

unjustified purposes (Castillo, 2022).

Cybersecurity is still not regarded as a top issue in the Philippines, despite

some progress. The nation still views cyberthreats as low risk because it is in the early

stages of its digital transition. Ms. Mirandilla-Santos stressed the requirement for a

thorough national framework as well as the establishment of an institutional framework

for cybersecurity to safeguard "critical infrastructure" (CI). CI are seen as being of the

utmost importance since their interruption or destruction would have a significant

impact on the state and its citizens. These assets, systems, and networks can be either

real or virtual (FACTS Asia Admin, 2022).

Synthesis

Several articles and related studies from international and local sources supported this research. The first concerns the importance of cybersecurity to businesses. It is undeniable that cybersecurity increases productivity in the workplace while also affecting customers' trust; as stated above, customers will stop trusting a corporation if it doesn't protect their data (Din, 2022). Another reason behind its importance is to avoid financial data breaches from cyberattacks. These have a negative impact not just on companies' reputations but also on the economic stability of a nation, since prices for goods and services will rise if the cost of doing business increases because of security breaches (Reed, 2022).

Other materials exposed that some people believe that the accounting life cycle

and data security are unrelated (Accounting Insights, 2021). That is unlikely to be true.

Accountants are particularly vulnerable since their systems store enormous amounts

of confidential and sensitive client information (Dinu, 2022).

On the other hand, internal control is always one of the top priorities of business

experts in ensuring cybersecurity safety. Developing internal controls that guarantee

processes, policies, and procedures are made to preserve valuable corporate assets

and keep the business secure and intact is one of the most efficient approaches to

ensure that the organization is taking the right actions to reduce risks (ZHAO, 2022).

While this brings a brighter future for businesses, challenges are still inevitable.

Possibly the major challenge is the unpreparedness of business when facing cyber

risks (Riley, 2022). Furthermore, it is nothing new that the causes of these actions are

mainly motivated by financial gain. However, many studies suggest that human error

is the main reason behind cyber threats (Data Breach 101: Top 5 Reasons it Happens,

n.d.). Fortunately, similar to international policies, cybercrime laws and litigations are

also present locally. The Cybercrime Prevention Act (CPA) of 2012, also known as Republic

Act 10175, ensures the penalization of cybercriminals who commit these wrongdoings.

Many of these studies still need further research as cybersecurity issues continuously grow. Hence, addressing this gap, which needs to be constantly updated, will be the aim of this research through the quantitative method.



METHODOLOGY

This chapter discusses the research design, hypotheses, data sources,

sampling technique, data gathering, and statistical treatment of data used in the

implications of managing cybersecurity risks faced by selected business enterprises in

avoiding financial data breaches.

Research Design

This study will utilize quantitative research, a systematic investigation of phenomena by gathering quantifiable data and performing statistical, mathematical, or computational techniques (D. Fleetwood, n.d.). Conducting this study will require descriptive research to determine the types of cybersecurity risks that selected business enterprises are mainly facing, the cybersecurity tools they use, and the solutions they operate. Aside from that, this study will assess the significant relationships between the estimated cost of the company's intended cybersecurity tools and their percentage of cybersecurity effectiveness; between the average lost revenue they incur from security breaches and their elapsed time of recovery from cybersecurity attacks; and between the regularity of employee training and monitoring concerning cybersecurity and how frequently insider threats happen in the organization. These assessments will be possible through a correlational method, which investigates relationships between variables without the researcher's control or manipulation (P. Bhandari, 2022).

Hypotheses

Ho1: There is no significant relationship between the estimated cost for the company's

intended cybersecurity tools and their percentage of cybersecurity effectiveness.



Ho2: There is no significant relationship between the average lost revenue the

company incurs from security breaches and the elapsed time of recovery from

cybersecurity attacks.

Ho3: There is no significant relationship between the regularity of employee training

and monitoring concerning cybersecurity and how frequently insider threats

happen.

Sources of Data

This study will acquire data from primary sources, particularly from the fifteen (15) conveniently selected local business enterprises. Aligned with the research objectives, these organizations should have existing cybersecurity experience so that they can give accurate answers when the needed information is collected. Since primary sources can include first-hand accounts of a topic from people directly connected with it (S. Udegbunam, 2021), data may also be gathered in these forms.

Sampling Technique

The sample size of this research will be fifteen (15) business enterprises from the population of this study, considering time constraints and lack of resources. The companies that will participate in this study have backgrounds in cybersecurity threats and practices. Hence, the study will use non-probability sampling, which involves non-random selection based on criteria. In particular, it will use a convenience sampling technique, wherein the sample happens to be the most accessible to the researcher (S. McCombes, 2022).

Data Gathering Procedure

The researcher will use a quantitative approach to collecting information through survey questionnaires, a list of questions or items used to gather data from people about their attitudes, experiences, or opinions (P. Bhandari, 2022). In line with the objective of this research, the data will be gathered first-hand or through primary sources. Specifically, data may be obtained personally, through internet communication platforms such as email, or even through originally published documents of particular companies from their experts, such as official records.

In evaluating the collected data, this study will utilize quantitative research tools

in order to come up with implications and results.

Statistical Treatment of Data

After collecting the needed information, this study will treat and analyze the

data using the following statistical tools:

Relative frequency distribution. This statistical tool will help determine the

types of cybersecurity risks that selected business enterprises are mainly facing.

Relative frequency relates the count for a particular class of events to its total number

using percentages, proportions, or fractions (J. Frost, 2021). This treatment will also

apply in identifying the cybersecurity tools that the selected organizations use and their

cybersecurity solutions.

Pearson’s correlation coefficient. In assessing the significant relationships between the estimated cost of the company's intended cybersecurity tools and their percentage of cybersecurity effectiveness, Pearson correlation (r) will be the tool to measure the strength and direction of a linear relationship between two variables (Jaadi, 2019). Similarly, it will be applied to the average lost revenue they incur from security breaches and their elapsed time of recovery from cybersecurity attacks. This parametric measure will also identify the relation between the regularity of employee training and monitoring concerning cybersecurity and how frequently insider threats happen in the organization.
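The two treatments above, applied to the kind of answers the questionnaire would return, as an added example that is not part of the original proposal: relative frequencies of reported risk types, then Pearson's r for Ho1 with a t-test on n - 2 = 13 degrees of freedom. The 0.05 significance level, the function names, and all fifteen responses are assumptions constructed for illustration.

```python
import math
from collections import Counter

# Two-tailed critical t for alpha = 0.05 (assumed; the proposal names no level)
# with df = n - 2 = 13, i.e. fifteen responding enterprises.
T_CRIT_DF13 = 2.160

def relative_frequency(responses):
    """Share of all responses that falls in each category, most common first."""
    counts = Counter(responses)
    total = sum(counts.values())
    return {category: n / total for category, n in counts.most_common()}

def pearson_r(x, y):
    """Pearson's r; undefined when either variable does not vary."""
    if len(x) != len(y) or len(x) < 3:
        raise ValueError("need two equal-length samples of at least 3 pairs")
    mx, my = sum(x) / len(x), sum(y) / len(y)
    sxy = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sxx = sum((a - mx) ** 2 for a in x)
    syy = sum((b - my) ** 2 for b in y)
    if sxx == 0 or syy == 0:
        raise ValueError("a constant variable has no defined correlation")
    # Clamp to absorb floating-point overshoot on perfectly linear data.
    return max(-1.0, min(1.0, sxy / math.sqrt(sxx * syy)))

def evaluate_null(x, y, t_crit):
    """Return (r, t, reject_null) using t = r * sqrt((n - 2) / (1 - r^2))."""
    r = pearson_r(x, y)
    if abs(r) == 1.0:
        t = math.copysign(math.inf, r)
    else:
        t = r * math.sqrt((len(x) - 2) / (1 - r * r))
    return r, t, abs(t) > t_crit

# Constructed responses from 15 hypothetical enterprises (not real survey data).
RISK_TYPES = ["phishing"] * 6 + ["malware"] * 4 + ["insider"] * 3 + ["ransomware"] * 2
TOOL_COST = [40, 55, 60, 75, 90, 100, 120, 135, 150, 160, 180, 200, 220, 250, 300]
EFFECTIVENESS = [52, 60, 55, 63, 70, 66, 72, 78, 74, 80, 85, 82, 88, 90, 93]

if __name__ == "__main__":
    for risk, share in relative_frequency(RISK_TYPES).items():
        print(f"{risk:<11}{share:6.1%}")
    r, t, reject = evaluate_null(TOOL_COST, EFFECTIVENESS, T_CRIT_DF13)
    print(f"Ho1: r = {r:.3f}, t = {t:.2f}, reject at 0.05: {reject}")
```

With only fifteen pairs, |r| has to exceed roughly 0.51 before the null hypothesis is rejected at this level, so moderate correlations in the real survey may not reach significance.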



REFERENCES

AbacusNext. (n.d.). Addressing Accounting Cybersecurity Challenges in 2022. Retrieved from OfficeTools: https://www.officetools.com/blog/addressing-accounting-cybersecurity-challenges-in-2021/#:~:text=Accounting%20cybersecurity%20practices%20ensure%20that,%2C%20personal%2C%20and%20professional%20information.

Abdullah Al-Moshaigeh, P. D. (2019, July). Cybersecurity Risks and Controls. Retrieved from The CPA Journal: https://www.cpajournal.com/2019/07/08/cybersecurity-risks-and-controls/

Accounting Insights. (2021, December 22). Accounting Cybersecurity: How To Keep Financial Data Secure And Safe. Retrieved from Accounting Seed: https://www.accountingseed.com/blog/accounting-cybersecurity-how-to-keep-financial-data-secure-and-safe/

Castillo, C. L. (2022). PHILIPPINE CYBERSECURITY IN RETROSPECT (2016-2021). Retrieved from GOVPH: https://www.ndcp.edu.ph/philippine-cybersecurity-in-retrospect-2016-2021/

Data Breach 101: Top 5 Reasons it Happens. (n.d.). Retrieved from Whoa Networks: https://www.whoa.com/data-breach-101-top-5-reasons-it-happens/

Deflin, B. (2019). Top 10 Internal Controls to Mitigate Cybersecurity Risks in the Family Office. Retrieved from BDO USA: https://www.bdo.com/insights/tax/top-10-internal-controls-to-mitigate-cybersecurity-risks-in-the-family-office

Dhaval, A. (2021, November 29). Five Reasons Why Cybersecurity Is Important for Businesses. Retrieved from Project Cubicle: https://www.projectcubicle.com/five-reasons-why-cybersecurity-is-important-for-businesses/

Din, A. (2022, February 16). Why Cybersecurity Is Important for Companies? Retrieved from Heimdal Security: https://heimdalsecurity.com/blog/why-cybersecurity-is-important-for-companies/

Dinu, C. (2022, November 7). The Role of Cybersecurity in Accounting. Retrieved from Heimdal Security: https://heimdalsecurity.com/blog/the-role-of-cybersecurity-in-accounting/

FACTS Asia Admin. (2022, March 30). Cybersecurity in the Philippines: Global and Local Challenges. Retrieved from FACTS COMPANY: https://www.factsasia.org/blog/cybersecurity-in-the-philippines-global-and-local-challenges

International Telecommunication Union. (2018). Global Cybersecurity Index (GCI). Switzerland: Place des Nations CH-1211 Geneva 20.

Jaadi, Z. (2019, October 15). Everything you need to know about interpreting correlations. Retrieved from Towards Data Science: https://towardsdatascience.com/eveything-you-need-to-know-about-interpreting-correlations-2c485841c0b8

Johnson, T. (2022, September 13). The impact of a data breach. Retrieved from Security Magazine: https://www.securitymagazine.com/articles/98325-the-impact-of-a-data-breach#:~:text=Data%20breach%20effects%20can%20scale,operating%20in%20a%20digital%20economy.

LIFARS. (2020, March 4). Motivations Behind Cyber-Attacks. Retrieved from LIFARS Leadership Alliances: https://www.lifars.com/2020/03/motivations-behind-cyber-attacks/

Linao, P. (2022, March 4). Why is cyber security important to a business? Retrieved from Office Solutions IT: https://www.officesolutionsit.com.au/blog/why-is-cyber-security-important

Mottl, C. (2022, March 3). 6 Motivations of Cyber Criminals. Retrieved from CoreTech: https://www.coretech.us/blog/6-motivations-of-cyber-criminals

Partida, D. (2021, September 23). 5 New Challenges for Cybersecurity in 2021. Retrieved from Cyber Management Alliance: https://www.cm-alliance.com/cybersecurity-blog/5-new-challenges-for-cybersecurity-in-2021

Poremba, S. (2021, November 5). 6 Potential Long-Term Impacts of a Data Breach. Retrieved from Security Intelligence: https://securityintelligence.com/articles/long-term-impacts-security-breach/

Reed, J. (2022, October 13). How Do Data Breaches Impact Economic Instability? Retrieved from Security Intelligence: https://securityintelligence.com/articles/how-data-breaches-impact-economic-instability/

P. Hopkins (2014). Cyber Risk Executive Summary. Retrieved from IRM: https://www.cgma.org/resources/reports/downloadabledocuments/irm-cyber-risk-report-executive-summary.pdf

V. Sundareswaran (2018, March). Study Of Cybersecurity In Data Breaching. Retrieved from ResearchGate: https://www.researchgate.net/publication/325300571_STUDY_OF_CYBERSECURITY_IN_DATA_BREACHING

S. Kevelighan (2018). Small business, big risk: Lack of cyber insurance is a serious threat. Retrieved from Insurance Information Institute: https://www.iii.org/sites/default/files/docs/pdf/small_business_big_risk_101218.pdf

NI Business Info. (n.d.). Reasons behind cyber-attacks | nibusinessinfo.co.uk. https://www.nibusinessinfo.co.uk/content/reasons-behind-cyber-attacks

Cybersecurity Solutions for a Riskier World. (n.d.). ThoughtLab. https://thoughtlabgroup.com/cyber-solutions-riskier-world/

Benefits of Cyber Risk Management: What are the Advantages? (n.d.). Businesstechweekly.com. Retrieved January 9, 2023, from https://www.businesstechweekly.com/cybersecurity/risk-management/cyber-risk-management/#:~:text=A%20cyber%20risk%20management%20strategy

Williams, M. (n.d.). 10 statistics that show why training is key to good data protection. Www.pensar.co.uk. https://www.pensar.co.uk/blog/cybersecurity-infographic#:~:text=Security-related%20risks%20are%20reduced

Gomez, A. J. S. C., Eireene Jairee. (2023, January 5). Complaints flood BPI following system glitch. The Manila Times. https://www.manilatimes.net/2023/01/05/business/top-business/complaints-flood-bpi-following-system-glitch/1872749

Manila Bulletin. (2023, January 4). BSP wants hourly updates from BPI. https://mb.com.ph/2023/01/04/bsp-wants-hourly-updates-from-bpi/

Bhandari, P. (2021, July 7). Correlational Research | Definition, Methods and Examples. Scribbr. https://www.scribbr.com/methodology/correlational-research/

Bhat, A. (2018). Descriptive Research: Definition, Characteristics, Methods, Examples and Advantages. Retrieved from QuestionPro. https://www.questionpro.com/blog/descriptive-research/

McCombes, S. (2019, September 19). Sampling Methods | Types and Techniques Explained. Retrieved from Scribbr. https://www.scribbr.com/methodology/sampling-methods/

2022 Cyber Security Statistics Trends & Data. (n.d.). PurpleSec. Retrieved January 9, 2023, from https://purplesec.us/resources/cyber-security-statistics/#EDR

What Tools Do Cybersecurity Analysts Use? (2021 Guide). (n.d.). BrainStation. https://brainstation.io/career-guides/what-tools-do-cybersecurity-analysts-use

Bhandari, P. (2021, July 15). Designing a questionnaire. Scribbr. https://www.scribbr.com/methodology/questionnaire/

Is Website a Primary Source? - Website Hurdles. (2021, April 9). Websitehurdles.com. https://websitehurdles.com/is-website-a-primary-source/

Relative Frequencies and Their Distributions. (2021, September 4). Statistics by Jim. https://statisticsbyjim.com/basics/relative-frequency/

Kroll (2022). State of Incident Response: Asia Pacific. Retrieved from Kroll: https://www.kroll.com/-/media/kroll/pdfs/publications/apac-state-of-incident-response-2022.pdf

A. Ghadge et al. (2020). Managing cyber risk in supply chains: A review and research agenda. Retrieved from IRM: https://files.core.ac.uk/pdf/23/275551059.pdf

Riley, S. (2022, June 20). 9 Cybersecurity Challenges Companies Must Tackle Now. Retrieved from GlobalSign: https://www.globalsign.com/en/blog/cybersecurity-challenges-companies-must-tackle-now

University of North Dakota. (n.d.). Why Is Cyber Security Important? Retrieved from https://onlinedegrees.und.edu/blog/why-is-cyber-security-important/

ZHAO, J. (2022, May 5). Internal Controls and Data Security: How to Develop Controls That Meet Your IT Security Needs. Retrieved from Hyper Proof: https://hyperproof.io/resource/internal-controls-and-data-security/
