Strategic Risk Management in the Age of Cyber Threats: Implications for Financial Institutions

Authors

  • Abdimalik Hussein, Strathmore University

DOI:

https://doi.org/10.47604/ejbsm.3331

Keywords:

Cybersecurity, Strategic Risk Management, Financial Institutions, Enterprise Risk Management (ERM), Cyber Risk Governance

Abstract

Purpose: This study sought to investigate strategic risk management in the age of cyber threats and its implications for financial institutions.

Methodology: The study adopted a desktop research methodology. Desk research refers to secondary data, or data that can be collected without fieldwork. It involves collecting data from existing resources and is therefore often considered a low-cost technique compared to field research, as the main costs are executive time, telephone charges and directories. Thus, the study relied on already published studies, reports and statistics. This secondary data was easily accessed through online journals and the library.

Findings: The findings revealed that there exists a contextual and methodological gap relating to cyber threats. The preliminary empirical review revealed that financial institutions failed to effectively integrate cybersecurity into their strategic risk management frameworks. Cyber risks were often treated as IT issues rather than strategic concerns, leading to reactive responses and a lack of leadership involvement. The study emphasized the need for a shift in how institutions approach cybersecurity, making it a core part of their overall risk management and strategic planning.

Unique Contribution to Theory, Practice and Policy: The study recommended integrating cybersecurity into enterprise risk management, adopting a proactive approach with real-time threat intelligence, and enhancing cross-departmental collaboration. It called for better employee training, clearer regulatory standards, and public-private partnerships. The study contributed to theory by highlighting cybersecurity as a systemic risk and offered practical steps to improve governance and resilience in financial institutions.



Published

2025-05-12

How to Cite

Hussein, A. (2025). Strategic Risk Management in the Age of Cyber Threats: Implications for Financial Institutions. European Journal of Business and Strategic Management, 10(4), 1–14. https://doi.org/10.47604/ejbsm.3331

Section

Articles