How to cite this paper
Rattanapong, P & Ayuthaya, S. (2025). Influential factors of cybersecurity investment: A quantitative SEM analysis.Management Science Letters , 15(1), 31-44.
Refrences
Abrahams, T. O., Ewuga, S. K., Kaggwa, S., Uwaoma, P. U., Hassan, A. O., & Dawodu, S. O. (2024). Mastering compliance: a comprehensive review of regulatory frameworks in accounting and cybersecurity. Computer Science & IT Research Journal, 5(1), 120-140.
Aksoy, C. (2024). BUILDING A CYBER SECURITY CULTURE FOR RESILIENT ORGANIZATIONS AGAINST CYBER ATTACKS. İşletme Ekonomi ve Yönetim Araştırmaları Dergisi, 7(1), 96-110.
AlDaajeh, S., Saleous, H., Alrabaee, S., Barka, E., Breitinger, F., & Choo, K.-K. R. (2022). The role of national cybersecurity strategies on the improvement of cybersecurity education. Computers & Security, 119, 102754.
Anderson, R. J., & Moore, T. W. (2006). The Economics of Information Security. Science, 314, 610 - 613.
Barney, J. (2016). Firm Resources and Sustained Competitive Advantage. Journal of Management, 17(1), 99-120. https://doi.org/10.1177/014920639101700108
Barney, J. B. (1986). Strategic factor markets: Expectations, luck, and business strategy. Management Science, 32(10), 1231-1241.
Bharadwaj, A. S. (2000). A Resource-Based Perspective on Information Technology Capability and Firm Performance: An Empirical Investigation. MIS Q., 24, 169-196.
Biernacki, P., & Waldorf, D. (1981). Snowball Sampling: Problems and Techniques of Chain Referral Sampling. Sociological Methods & Research, 10, 141 - 163.
Bland, J. M., & Altman, D. G. (1997). Statistics notes: Cronbach's alpha. BMJ, 314, 572.
Bodin, L. D., Gordon, L. A., Loeb, M. P., & Wang, A. (2018). Cybersecurity insurance and risk-sharing. Journal of Accounting and Public Policy, 37(6), 527-544.
Cao, X. (2023). ASEAN–China Digital Economy Cooperation and Its Prospects. In DIGITAL ECONOMY AND THE SUSTAINABLE DEVELOPMENT OF ASEAN AND CHINA (pp. 209-228). World Scientific.
Cohen, J. (2013). Statistical power analysis for the behavioral sciences. Academic press.
Corallo, A., Lazoi, M., & Lezzi, M. (2020a). Cybersecurity in the context of industry 4.0: A structured classification of critical assets and business impacts. Computers in Industry, 114, 103165.
Cronbach, L. J. (1951). Coefficient alpha and the internal structure of tests. Psychometrika, 16, 297-334.
Dewett, T., & Jones, G. R. (2001). The role of information technology in the organization: a review, model, and assessment. Journal of Management, 27(3), 313-346.
Erdfelder, E., Faul, F., & Buchner, A. (1996). GPOWER: A general power analysis program. Behavior research methods, instruments, & computers, 28, 1-11.
Etikan, I., Musa, S. A., & Alkassim, R. (2016). Comparison of Convenience Sampling and Purposive Sampling. American Journal of Theoretical and Applied Statistics, 5, 1.
Faul, F., Erdfelder, E., Lang, A.-G., & Buchner, A. (2007). G* Power 3: A flexible statistical power analysis program for the social, behavioral, and biomedical sciences. Behavior research methods, 39(2), 175-191.
Fleury, J.-B. (2017). Crime and Punishment (Becker 1968). In A. Marciano & G. B. Ramello (Eds.), Encyclopedia of Law and Economics (pp. 1-5). Springer New York. https://doi.org/10.1007/978-1-4614-7883-6_17-1
Fornell, C., & Larcker, D. F. (1981). Evaluating structural equation models with unobservable variables and measurement error. Journal of Marketing Research, 18, 39-50.
Galbiati, R., & Vertova, P. (2014). How laws affect behavior: Obligations, incentives and cooperative behavior. International Review of Law and Economics, 38, 48-57. https://doi.org/10.1016/j.irle.2014.03.001
Gordon, L. A. (2007). Incentives for improving cybersecurity in the private sector: A cost-benefit perspective. Congressional Testimony.
Gordon, L. A., & Loeb, M. P. (2002). The economics of information security investment. ACM Transactions on Information and System Security (TISSEC), 5(4), 438-457.
Gordon, L. A., Loeb, M. P., & Sohail, T. (2003). A framework for using insurance for cyber-risk management. Communications of the ACM, 46(3), 81-85.
Gordon, L. A., Loeb, M. P., & Zhou, L. (2020). Integrating cost–benefit analysis into the NIST Cybersecurity Framework via the Gordon–Loeb Model. Journal of Cybersecurity, 6(1), tyaa005.
Hair, J. F., Black, W. C., Babin, B. J., & Anderson, R. E. (2013). Multivariate data analysis: Pearson new international edition PDF eBook. Pearson Higher Ed.
Hancock, G. R. (1997). Structural equation modeling methods of hypothesis testing of latent variable means. Measurement and Evaluation in Counseling and Development, 30(2), 91-105.
Hasan, S., Ali, M., Kurnia, S., & Thurasamy, R. (2021). Evaluating the cyber security readiness of organizations and its influence on performance. Journal of Information Security and Applications, 58, 102726.
Henson, R. K. (2019). Understanding Internal Consistency Reliability Estimates: A Conceptual Primer on Coefficient Alpha. Measurement and Evaluation in Counseling and Development, 34(3), 177-189. https://doi.org/10.1080/07481756.2002.12069034
Jensen, M. C., & Meckling, W. H. (1976). THEORY OF THE FIRM: MANAGERIAL BEHAVIOR, AGENCY COSTS AND OWNERSHIP STRUCTURE.
Kamiya, S., Kang, J.-K., Kim, J., Milidonis, A., & Stulz, R. M. (2021). Risk management, firm reputation, and the impact of successful cyberattacks on target firms. Journal of Financial Economics, 139(3), 719-749. https://doi.org/10.1016/j.jfineco.2019.05.019
Kaplan, J. M., Bailey, T., O'Halloran, D., Marcus, A., & Rezek, C. (2015). Beyond cybersecurity: protecting your digital business. John Wiley & Sons.
Kissoon, T. (2020). Optimum spending on cybersecurity measures. Transforming Government: People, Process and Policy, 14(3), 417-431. https://doi.org/10.1108/tg-11-2019-0112
Kline, R. B. (2023). Principles and practice of structural equation modeling. Guilford publications.
Lee, I. (2021). Cybersecurity: Risk management framework and investment cost analysis. Business Horizons, 64(5), 659-671. https://doi.org/10.1016/j.bushor.2021.02.022
Lemnitzer, J. M. (2021). Why cybersecurity insurance should be regulated and compulsory. Journal of Cyber Policy, 6(2), 118-136.
Luiijf, E., Besseling, K., & De Graaf, P. (2013). Nineteen national cyber security strategies. International Journal of Critical Infrastructures 6, 9(1-2), 3-31.
Lukavchenko, A. S. (2015). Decision-making criteria for cybersecurity adoption.
MacCallum, R. C., Browne, M. W., & Sugawara, H. M. (1996). Power analysis and determination of sample size for covariance structure modeling. Psychological methods, 1(2), 130.
Miyamoto, I., Holzer, T. H., & Sarkani, S. (2017). Why a counterfeit risk avoidance strategy fails. Computers & Security, 66, 81-96. https://doi.org/10.1016/j.cose.2016.12.015
Mohamed Mizan, N. S., Ma’arif, M. Y., Mohd Satar, N. S., & Shahar, S. M. (2019). CNDS-cybersecurity: issues and challenges in ASEAN countries. International Journal of Advanced Trends in Computer Science and Engineering, 8(1.4).
Naseer, H., Maynard, S. B., & Desouza, K. C. (2021). Demystifying analytical information processing capability: The case of cybersecurity incident response. Decision Support Systems, 143. https://doi.org/10.1016/j.dss.2020.113476
Pfeffer, J., & Salancik, G. R. (1978). The External Control of Organizations: A Resource Dependence Perspective. Harper & Row. https://books.google.co.th/books?id=9d-3AAAAIAAJ
Romanosky, S., & Acquisti, A. (2009). Privacy costs and personal data protection: Economic and legal perspectives. Berkeley Tech. LJ, 24, 1061.
Romanosky, S., Hoffman, D., & Acquisti, A. (2014). Empirical analysis of data breach litigation. Journal of Empirical Legal Studies, 11(1), 74-104.
Savaş, S., & Karataş, S. (2022). Cyber governance studies in ensuring cybersecurity: an overview of cybersecurity governance. International Cybersecurity Law Review, 3(1), 7-34.
Shavell, S. (1984). A model of the optimal use of liability and safety regulation. The Rand Journal of Economics, 15(2), 271-280.
Slovic, P. (1987). Perception of risk. Science, 236(4799), 280-285. https://doi.org/10.1126/science.3563507
Sonnenreich, W., Albanese, J., & Stout, B. (2006). Return on security investment (ROSI)-a practical quantitative model. Journal of Research and practice in Information Technology, 38(1), 45-56.
Sukma, N., & Leelasantitham, A. (2022a). Factors affecting adoption of online community water user participation. Human Behavior and Emerging Technologies, 2022, 1-13.
Sukma, N., & Leelasantitham, A. (2022b). From conceptual model to conceptual framework: A sustainable business framework for community water supply businesses [Original Research]. Frontiers in Environmental Science, 10. https://doi.org/10.3389/fenvs.2022.1013153
Sukma, N., & Leelasantitham, A. (2022c). The influence and continuance intention of the E-government system: A case study of community water supply business. Frontiers in Environmental Science, 10, 918981.
Sukma, N., & Leelasantitham, A. (2022d). Understanding online behavior towards community water user participation: A perspective of a developing country. PloS one, 17(7), e0270137. https://doi.org/10.1371/journal.pone.0270137
Thekdi, S., & Aven, T. (2019). An integrated perspective for balancing performance and risk. Reliability Engineering & System Safety, 190. https://doi.org/10.1016/j.ress.2019.106525
Tran Dai, C., & Gomez, M. A. (2018). Challenges and opportunities for cyber norms in ASEAN. Journal of Cyber Policy, 3(2), 217-235.
Tsohou, A., Kokolakis, S., Karyda, M., & Kiountouzis, E. (2008). Investigating information security awareness: research and practice gaps. Information Security Journal: A Global Perspective, 17(5-6), 207-227.
Wilkin, C. L., & Chenhall, R. H. (2020). Information Technology Governance: Reflections on the Past and Future Directions. Journal of Information Systems, 34(2), 257-292.
Aksoy, C. (2024). BUILDING A CYBER SECURITY CULTURE FOR RESILIENT ORGANIZATIONS AGAINST CYBER ATTACKS. İşletme Ekonomi ve Yönetim Araştırmaları Dergisi, 7(1), 96-110.
AlDaajeh, S., Saleous, H., Alrabaee, S., Barka, E., Breitinger, F., & Choo, K.-K. R. (2022). The role of national cybersecurity strategies on the improvement of cybersecurity education. Computers & Security, 119, 102754.
Anderson, R. J., & Moore, T. W. (2006). The Economics of Information Security. Science, 314, 610 - 613.
Barney, J. (2016). Firm Resources and Sustained Competitive Advantage. Journal of Management, 17(1), 99-120. https://doi.org/10.1177/014920639101700108
Barney, J. B. (1986). Strategic factor markets: Expectations, luck, and business strategy. Management Science, 32(10), 1231-1241.
Bharadwaj, A. S. (2000). A Resource-Based Perspective on Information Technology Capability and Firm Performance: An Empirical Investigation. MIS Q., 24, 169-196.
Biernacki, P., & Waldorf, D. (1981). Snowball Sampling: Problems and Techniques of Chain Referral Sampling. Sociological Methods & Research, 10, 141 - 163.
Bland, J. M., & Altman, D. G. (1997). Statistics notes: Cronbach's alpha. BMJ, 314, 572.
Bodin, L. D., Gordon, L. A., Loeb, M. P., & Wang, A. (2018). Cybersecurity insurance and risk-sharing. Journal of Accounting and Public Policy, 37(6), 527-544.
Cao, X. (2023). ASEAN–China Digital Economy Cooperation and Its Prospects. In DIGITAL ECONOMY AND THE SUSTAINABLE DEVELOPMENT OF ASEAN AND CHINA (pp. 209-228). World Scientific.
Cohen, J. (2013). Statistical power analysis for the behavioral sciences. Academic press.
Corallo, A., Lazoi, M., & Lezzi, M. (2020a). Cybersecurity in the context of industry 4.0: A structured classification of critical assets and business impacts. Computers in Industry, 114, 103165.
Cronbach, L. J. (1951). Coefficient alpha and the internal structure of tests. Psychometrika, 16, 297-334.
Dewett, T., & Jones, G. R. (2001). The role of information technology in the organization: a review, model, and assessment. Journal of Management, 27(3), 313-346.
Erdfelder, E., Faul, F., & Buchner, A. (1996). GPOWER: A general power analysis program. Behavior research methods, instruments, & computers, 28, 1-11.
Etikan, I., Musa, S. A., & Alkassim, R. (2016). Comparison of Convenience Sampling and Purposive Sampling. American Journal of Theoretical and Applied Statistics, 5, 1.
Faul, F., Erdfelder, E., Lang, A.-G., & Buchner, A. (2007). G* Power 3: A flexible statistical power analysis program for the social, behavioral, and biomedical sciences. Behavior research methods, 39(2), 175-191.
Fleury, J.-B. (2017). Crime and Punishment (Becker 1968). In A. Marciano & G. B. Ramello (Eds.), Encyclopedia of Law and Economics (pp. 1-5). Springer New York. https://doi.org/10.1007/978-1-4614-7883-6_17-1
Fornell, C., & Larcker, D. F. (1981). Evaluating structural equation models with unobservable variables and measurement error. Journal of Marketing Research, 18, 39-50.
Galbiati, R., & Vertova, P. (2014). How laws affect behavior: Obligations, incentives and cooperative behavior. International Review of Law and Economics, 38, 48-57. https://doi.org/10.1016/j.irle.2014.03.001
Gordon, L. A. (2007). Incentives for improving cybersecurity in the private sector: A cost-benefit perspective. Congressional Testimony.
Gordon, L. A., & Loeb, M. P. (2002). The economics of information security investment. ACM Transactions on Information and System Security (TISSEC), 5(4), 438-457.
Gordon, L. A., Loeb, M. P., & Sohail, T. (2003). A framework for using insurance for cyber-risk management. Communications of the ACM, 46(3), 81-85.
Gordon, L. A., Loeb, M. P., & Zhou, L. (2020). Integrating cost–benefit analysis into the NIST Cybersecurity Framework via the Gordon–Loeb Model. Journal of Cybersecurity, 6(1), tyaa005.
Hair, J. F., Black, W. C., Babin, B. J., & Anderson, R. E. (2013). Multivariate data analysis: Pearson new international edition PDF eBook. Pearson Higher Ed.
Hancock, G. R. (1997). Structural equation modeling methods of hypothesis testing of latent variable means. Measurement and Evaluation in Counseling and Development, 30(2), 91-105.
Hasan, S., Ali, M., Kurnia, S., & Thurasamy, R. (2021). Evaluating the cyber security readiness of organizations and its influence on performance. Journal of Information Security and Applications, 58, 102726.
Henson, R. K. (2019). Understanding Internal Consistency Reliability Estimates: A Conceptual Primer on Coefficient Alpha. Measurement and Evaluation in Counseling and Development, 34(3), 177-189. https://doi.org/10.1080/07481756.2002.12069034
Jensen, M. C., & Meckling, W. H. (1976). THEORY OF THE FIRM: MANAGERIAL BEHAVIOR, AGENCY COSTS AND OWNERSHIP STRUCTURE.
Kamiya, S., Kang, J.-K., Kim, J., Milidonis, A., & Stulz, R. M. (2021). Risk management, firm reputation, and the impact of successful cyberattacks on target firms. Journal of Financial Economics, 139(3), 719-749. https://doi.org/10.1016/j.jfineco.2019.05.019
Kaplan, J. M., Bailey, T., O'Halloran, D., Marcus, A., & Rezek, C. (2015). Beyond cybersecurity: protecting your digital business. John Wiley & Sons.
Kissoon, T. (2020). Optimum spending on cybersecurity measures. Transforming Government: People, Process and Policy, 14(3), 417-431. https://doi.org/10.1108/tg-11-2019-0112
Kline, R. B. (2023). Principles and practice of structural equation modeling. Guilford publications.
Lee, I. (2021). Cybersecurity: Risk management framework and investment cost analysis. Business Horizons, 64(5), 659-671. https://doi.org/10.1016/j.bushor.2021.02.022
Lemnitzer, J. M. (2021). Why cybersecurity insurance should be regulated and compulsory. Journal of Cyber Policy, 6(2), 118-136.
Luiijf, E., Besseling, K., & De Graaf, P. (2013). Nineteen national cyber security strategies. International Journal of Critical Infrastructures 6, 9(1-2), 3-31.
Lukavchenko, A. S. (2015). Decision-making criteria for cybersecurity adoption.
MacCallum, R. C., Browne, M. W., & Sugawara, H. M. (1996). Power analysis and determination of sample size for covariance structure modeling. Psychological methods, 1(2), 130.
Miyamoto, I., Holzer, T. H., & Sarkani, S. (2017). Why a counterfeit risk avoidance strategy fails. Computers & Security, 66, 81-96. https://doi.org/10.1016/j.cose.2016.12.015
Mohamed Mizan, N. S., Ma’arif, M. Y., Mohd Satar, N. S., & Shahar, S. M. (2019). CNDS-cybersecurity: issues and challenges in ASEAN countries. International Journal of Advanced Trends in Computer Science and Engineering, 8(1.4).
Naseer, H., Maynard, S. B., & Desouza, K. C. (2021). Demystifying analytical information processing capability: The case of cybersecurity incident response. Decision Support Systems, 143. https://doi.org/10.1016/j.dss.2020.113476
Pfeffer, J., & Salancik, G. R. (1978). The External Control of Organizations: A Resource Dependence Perspective. Harper & Row. https://books.google.co.th/books?id=9d-3AAAAIAAJ
Romanosky, S., & Acquisti, A. (2009). Privacy costs and personal data protection: Economic and legal perspectives. Berkeley Tech. LJ, 24, 1061.
Romanosky, S., Hoffman, D., & Acquisti, A. (2014). Empirical analysis of data breach litigation. Journal of Empirical Legal Studies, 11(1), 74-104.
Savaş, S., & Karataş, S. (2022). Cyber governance studies in ensuring cybersecurity: an overview of cybersecurity governance. International Cybersecurity Law Review, 3(1), 7-34.
Shavell, S. (1984). A model of the optimal use of liability and safety regulation. The Rand Journal of Economics, 15(2), 271-280.
Slovic, P. (1987). Perception of risk. Science, 236(4799), 280-285. https://doi.org/10.1126/science.3563507
Sonnenreich, W., Albanese, J., & Stout, B. (2006). Return on security investment (ROSI)-a practical quantitative model. Journal of Research and practice in Information Technology, 38(1), 45-56.
Sukma, N., & Leelasantitham, A. (2022a). Factors affecting adoption of online community water user participation. Human Behavior and Emerging Technologies, 2022, 1-13.
Sukma, N., & Leelasantitham, A. (2022b). From conceptual model to conceptual framework: A sustainable business framework for community water supply businesses [Original Research]. Frontiers in Environmental Science, 10. https://doi.org/10.3389/fenvs.2022.1013153
Sukma, N., & Leelasantitham, A. (2022c). The influence and continuance intention of the E-government system: A case study of community water supply business. Frontiers in Environmental Science, 10, 918981.
Sukma, N., & Leelasantitham, A. (2022d). Understanding online behavior towards community water user participation: A perspective of a developing country. PloS one, 17(7), e0270137. https://doi.org/10.1371/journal.pone.0270137
Thekdi, S., & Aven, T. (2019). An integrated perspective for balancing performance and risk. Reliability Engineering & System Safety, 190. https://doi.org/10.1016/j.ress.2019.106525
Tran Dai, C., & Gomez, M. A. (2018). Challenges and opportunities for cyber norms in ASEAN. Journal of Cyber Policy, 3(2), 217-235.
Tsohou, A., Kokolakis, S., Karyda, M., & Kiountouzis, E. (2008). Investigating information security awareness: research and practice gaps. Information Security Journal: A Global Perspective, 17(5-6), 207-227.
Wilkin, C. L., & Chenhall, R. H. (2020). Information Technology Governance: Reflections on the Past and Future Directions. Journal of Information Systems, 34(2), 257-292.