Cyber Security Frameworks through the Lens of Foreign Direct Investment (FDI): A Systematic Literature Review
Keywords:
cyber security frameworks (CSF), foreign direct investment (FDI), policy, governs, critical infrastructureAbstract
Cybersecurity is an essential aspect for businesses to safeguard themselves against cyber-attacks and ensure the protection, confidentiality, integrity, and availability of sensitive data. A strong cybersecurity posture can increase business resilience and minimize the risk of costly security breaches, thereby building trust with investors, customers, and partners. This, in turn, can create a competitive advantage that attracts foreign direct investment (FDI) and fuels business growth. Therefore, the interplay between cybersecurity frameworks and FDI is of paramount importance. This paper aims to explore the existing research on this interplay through a systematic literature review methodology and qualitative synthesis of data. The review found that a robust cybersecurity framework is crucial for building trust and confidence among investors, customers, and partners, which can help attract FDI and foster business growth across critical infrastructures and sectors. The review critically assessed different cybersecurity frameworks and their implementation strategies and identified potential research gaps while proposing possible solutions to address them. The study underscores the need for critical infrastructures to implement a comprehensive Cyber Assurance Framework that can help them identify and manage cybersecurity risks effectively. Additionally, the importance of adopting new cybersecurity technologies and practices that align with emerging technology-based threats due to the growth of Cloud, IoT, Artificial Intelligence, and Machine Learning was highlighted. Policymakers and regulatory bodies should also work together to establish a clear and robust Cyber Assurance Framework and Policy that provides guidance and support to businesses in their cybersecurity efforts. This paper is the first to provide valuable insights for businesses, policymakers, and regulatory bodies on the importance of a cybersecurity framework in attracting FDI and fostering long-term business growth. The findings of this review would aid policymakers and regulatory bodies in informing their policy decisions and providing guidance and support to businesses in their cybersecurity efforts.
Downloads
References
Ahlstrom, J., Tait, C., & Zoline, K. (2019). Healthcare cyber security and HIPAA assurance with business associates. Cyber Security: A Peer-Reviewed Journal, 3(2), 145-158.
Alexei, A. (2021). Ensuring information security in public organizations in the Republic of Moldova through the ISO 27001 standard.
Alexei, L. A. (2022). Design & development of a cyber security conceptual framework for higher education institutions in the Republic of Moldova. Scientific and Practical Cyber Security Journal (SPCSJ), (1), 35-52.
Aliyu, A., Maglaras, L., He, Y., Yevseyeva, I., Boiten, E., Cook, A., & Janicke, H. (2020). A holistic cybersecurity maturity assessment framework for higher education institutions in the United Kingdom. Applied Sciences, 10(10), 3660.
Al-Moshaigeh, A., Dickins, D., & Higgs, J. L. (2019). Cybersecurity Risks and Controls: Is the AICPA's SOC for Cybersecurity a Solution?. The CPA Journal, 89(6), 36-41.
Almuhammadi, S., & Alsaleh, M. (2017). Information security maturity model for NIST cyber security framework. Computer Science & Information Technology (CS & IT), 7(3), 51-62.
Antunes, M., Maximiano, M., Gomes, R., & Pinto, D. (2021). Information Security and Cybersecurity Management: A Case Study with SMEs in Portugal. Journal of Cybersecurity and Privacy, 1(2), 219-238.
Arcuri, M. C., Brogi, M., & Gandolfi, G. (2018). The effect of cyber-attacks on stock returns. Corporate Ownership & Control, 15(2), 70-83. http://doi.org/10.22495/cocv15i2art6
Armenia, S., Angelini, M., Nonino, F., Palombi, G., & Schlitzer, M. F. (2021). A dynamic simulation approach to support the evaluation of cyber risks and security investments in SMEs. Decision Support Systems, 147, 113580.
Azmi, R., Tibben, W., & Win, K. T. (2018). Review of cybersecurity frameworks: context and shared concepts. Journal of cyber policy, 3(2), 258-283.
Barry, F., Görg, H., & Strobl, E. (2003). Foreign direct investment, agglomerations, and demonstration effects: An empirical investigation. Review of world economics, 139(4), 583-600.
Bayar, Y., Remeikienė, R., Androniceanu, A., Gasparėnienė, L., & Jucevičius, R. (2020). The shadow economy, human development and foreign direct investment inflows.
Benoliel, D. (2014). Towards a cybersecurity policy model: Israel national cyber bureau case study. NCJL & Tech., 16, 435.
BLOMSTEIN. (2020). Cybersecurity and Foreign Direct Investment Controls, https://www.blomstein.com/en/news.php?n=cybersecurity-and-foreign-direct-investment-controls#:~:text=Cybersecurity%20considerations%20play%20a%20special,infrastructure%20or%20security%2Drelated%20sectors.
Borgman, B., Mubarak, S., & Choo, K. K. R. (2015). Cyber security readiness in the South Australian government. Computer Standards & Interfaces, 37, 1-8.
Boyson, S., Corsi, T. M., & Paraskevas, J. P. (2022). Defending digital supply chains: Evidence from a decade-long research program. Technovation, 118, 102380.
Brada, J. C., Drabek, Z., & Iwasaki, I. (2021). Does investor protection increase foreign direct investment? A meta‐analysis. Journal of Economic Surveys, 35(1), 34-70.
Buresh, D. L. (2022, August). Given the SEC's 2022 Proposed Cyber Rule Amendments, is the DOD's CMMC Framework a Viable Cyber Framework? International Journal of Innovation Scientific Research and Review, 4(8), 3157-3165.
CAPOBIANCO, A. (2022). The Relationship between FDI Screening and Merger Control Reviews – Note by BIAC, https://one.oecd.org/document/DAF/COMP/WD(2022)115/en/pdf
Choraś, M., Kozik, R., Renk, R., & Hołubowicz, W. (2015, June). A practical framework and guidelines to enhance cyber security and privacy. In Computational Intelligence in Security for Information Systems Conference (pp. 485-495). Springer, Cham.
Contractor, F. J., Dangol, R., Nuruzzaman, N., & Raghunath, S. (2020). How do country regulations and business environment impact foreign direct investment (FDI) inflows?. International Business Review, 29(2), 101640.
Cristani, F. (2019). Cybersecurity of foreign investment in the Visegrád Four (V4) countries: designing a governance model with(in) Europe, Think Visegrad Non-V4 Expert Fellow at the Research Center of the Slovak Foreign Policy Association, Bratislava (Slovakia)
Culot, G., Fattori, F., Podrecca, M., & Sartor, M. (2019). Addressing industry 4.0 cybersecurity challenges. IEEE Engineering Management Review, 47(3), 79-86.
Delgado, M. F., Esenarro, D., Regalado, F. F. J., & Reátegui, M. D. (2021). Methodology based on the NIST cybersecurity framework as a proposal for cybersecurity management in government organizations. 3 c TIC: cuadernos de desarrollo aplicados a las TIC, 10(2), 123-141.
Donaldson, S.E., Siegel, S.G., Williams, C.K., Aslam, A. (2015). Cybersecurity Frameworks. In: Enterprise Cybersecurity. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4302-6083-7_17
Dunning, J. H. (1999). The eclectic paradigm as an envelope for economic and business theories of MNE activity. International Business Review, 8(2), 163-190.
FieldComm Group, Austin, TX, USA (9 November, 2017). FDI Now Supports Enhanced Cyber Security Measures & Additional Protocols!, https://www.fieldcommgroup.org/posts/press-release-fdi-now-supports-enhanced-cyber-security-measures-additional-protocols
Gordon, L. A., Loeb, M. P., & Zhou, L. (2020). Integrating cost–benefit analysis into the NIST Cybersecurity Framework via the Gordon–Loeb Model. Journal of Cybersecurity, 6(1), tyaa005.
Gorg, H., & Strobl, E. (2020). The internet and foreign direct investment. Journal of International Business Studies, 51(3), 312-329.
Graham, E. M., & Marchick, D. (2006). US national security and foreign direct investment. Peterson Institute Press: All Books.
Greer, M. (2015). FITARA and FedRAMP: Accelerating federal cloud adoption. IEEE Cloud Computing, 2(5), 48-52.
Hajdini, E. (2015). Cyber Security and FDI. International Journal of Scientific Engineering and Applied Science (IJSEAS), 1(8), 392-394.
Haudi, H., Wijoyo, H., & Cahyono, Y. (2020). Analysis of Most Influential Factors to Attract Foreign Direct Investment. Journal of Critical Reviews, 7(13).
Hayakawa, K., Kimura, F., & Lee, H. H. (2013). How does country risk matter for foreign direct investment?. The Developing Economies, 51(1), 60-78.
Hendriks, J.M.A.M., Zuiderwijk, C.J.M., & Wieringa, R.J. (2021). A comparative study of the PCI-DSS framework and the ISO 27001/2 framework. Journal of Information Security and Applications, 50, 101935.
Huang, Y., Jiang, N., & Zhang, Y. (2021). Does internet security matter for foreign direct investment? A spatial econometric analysis. Telematics and Informatics, 59, 101559.
Huang, Y., Jiang, N., & Zhang, Y. (2021). Does internet security matter for foreign direct investment? A spatial econometric analysis. Telematics and Informatics, 59, 101559.
IFSEC Global. (2020, September 30). A Guide to the NIST Cybersecurity Framework. Retrieved from https://www.ifsecglobal.com/cyber-security/a-guide-to-the-nist-cybersecurity-framework/
Javorcik, B. S. (2004). The composition of foreign direct investment and protection of intellectual property rights: Evidence from transition economies. European economic review, 48(1), 39-62.
Jazri, H., & Jat, D. S. (2016, November). A quick cybersecurity wellness evaluation framework for critical organizations. In 2016 International Conference on ICT in Business Industry & Government (ICTBIG) (pp. 1-5). IEEE.
Jeong, C.Y., Lee, S.-Y., Lim, J.-H., 2019. Information security breaches and IT security investments: Impacts on competitors. Inform. Manage. 56 (5), 681–695. https:// doi.org/10.1016/j.im.2018.11.003
Kandasamy, K., Srinivas, S., Achuthan, K., & Rangan, V. P. (2022). Digital Healthcare-Cyberattacks in Asian Organizations: An Analysis of Vulnerabilities, Risks, NIST Perspectives, and Recommendations. IEEE Access, 10, 12345-12364.
Kok, R., & Ersoy, B. A. (2009). Analyses of FDI determinants in developing countries. International Journal of Social Economics.
Krumay, B., Bernroider, E. W., & Walser, R. (2018, November). Evaluation of cybersecurity management controls and metrics of critical infrastructures: A literature review considering the NIST cybersecurity framework. In Nordic Conference on Secure IT Systems (pp. 369-384). Springer, Cham.
Kshetri, N. (2018). The economics of cybersecurity. International Journal of Information Management, 37, 1-14.
Kuhn, T. Heinrich, T. Wienke, T. Arhold, C. Kueper, S. (2021) Broadening the scope further – Latest revisions of German FDI rules go live. https://www.whitecase.com/insight-alert/broadening-scope-further-latest-revisions-german-fdi-rules-go-live
Lanz, J. (2018). Enterprise Technology Risk in a New COSO ERM World: Eight Challenges Facing Management. The CPA Journal, 88(6), 6-10.
Lee, S.-H., Oh, C.H., Lee, J.Y., 2017. The effect of host country Internet infrastructure on foreign expansion of Korean MNCs. Asia Pacific Business Rev. 23 (3), 396–419. https://doi.org/10.1080/13602381.2016.1156295
Mbanaso, U. M., Abrahams, L., & Apene, O. Z. (2019). Conceptual design of a cybersecurity resilience maturity measurement (CRMM) framework. The African Journal of Information and Communication, 23, 1-26.
Narula, R. (2018). The role of institutions in foreign direct investment. Journal of World Business, 53(2), 195-208.
Narula, R., & Dunning, J. H. (2019). The Oxford handbook of multinationals. Oxford University Press.
National Institute of Standards and Technology. (2014). Framework for Improving Critical Infrastructure Cybersecurity. Retrieved from https://www.nist.gov/cybersecurity-framework
Nondo, C., Kahsai, M. S., & Hailu, Y. G. (2016). Does institutional quality matter in foreign direct investment?: Evidence from Sub-Saharan African countries. African Journal of Economic and Sustainable Development, 5(1), 12-30.
Osemwengie, D. O. P., & Oriakhi, D. E. (2012). The impact of national security on foreign direct investment in Nigeria: An empirical analysis. Journal of Economics and Sustainable Development, 3(13), 89-95.
Ozkan, B. Y., & Spruit, M. (2020). Assessing and improving cybersecurity maturity for SMEs: Standardization aspects. arXiv preprint arXiv:2007.01751.
Ozkan, B. Y., & Spruit, M. (2020). Assessing and improving cybersecurity maturity for SMEs: Standardization aspects. arXiv preprint arXiv:2007.01751.
Pavleska, T., Aranha, H., Masi, M., & Sellitto, G. P. (2020, September). Drafting a cybersecurity framework profile for smart grids in EU: a goal-based methodology. In European Dependable Computing Conference (pp. 143-155). Springer, Cham.
Pearson, H. 2019. Strengthening cyber security can boost FDI, say experts, https://www.ft.lk/Front-Page/Strengthening-cyber-security-can-boost-FDI-say-experts/44-687887
Shackelford, S. J., Proia, A. A., Martell, B., & Craig, A. N. (2015). Toward a global cybersecurity standard of care: Exploring the implications of the 2014 NIST cybersecurity framework on shaping reasonable national and international cybersecurity practices. Tex. Int'l LJ, 50, 305.
Sulistyowati, D., Handayani, F., & Suryanto, Y. (2020). Comparative analysis and design of cybersecurity maturity assessment methodology using nist csf, cobit, iso/iec 27002 and pci dss. JOIV: International Journal on Informatics Visualization, 4(4), 225-230.
Taherdoost, H. (2022). Understanding Cybersecurity Frameworks and Information Security Standards—A Review and Comprehensive Overview. Electronics, 11(14), 2181.
The White House. (2013, February 12). Executive Order -- Improving Critical Infrastructure Cybersecurity. Retrieved from https://www.whitehouse.gov/presidential-actions/executive-order-improving-critical-infrastructure-cybersecurity/
Tissir, N., El Kafhali, S., & Aboutabit, N. (2021). Cybersecurity management in cloud computing: Semantic literature review and conceptual framework proposal. Journal of Reliable Intelligent Environments, 7(2), 69-84.
Topping, C., Dwyer, A., Michalec, O., Craggs, B., & Rashid, A. (2021). Beware suppliers bearing gifts!: Analysing coverage of supply chain cyber security in critical national infrastructure sectorial and cross-sectorial frameworks. Computers & Security, 108, 102324.
Trope, R., Smedinghoff, T., 2017. The Importance of Cybersecurity Due Diligence in M&A Transactions. Bus. L, Today, p. 1.
Viet, N. A., Minh, L. Q., Hau, D. H., Tuan, N. N., Quang, N. N., Chinh, N. D., ... & Dat, P. T. (2017). Toward cyber-security architecture framework for developing countries: An assessment model. In International Conference on Advances in Information and Communication Technology (pp. 652-658). Springer, Cham.
Viet, N. A., Minh, L. Q., Hau, D. H., Tuan, N. N., Quang, N. N., Chinh, N. D., ... & Dat, P. T. (2017). Toward cyber-security architecture framework for developing countries: An assessment model. In International Conference on Advances in Information and Communication Technology (pp. 652-658). Springer, Cham.
Wolden, M., Valverde, R., & Talla, M. (2015). The effectiveness of COBIT 5 information security framework for reducing cyber attacks on supply chain management system. IFAC-PapersOnLine, 48(3), 1846-1852.
World Economic Forum (2022). Discussing the role of Foreign Direct Investments (FDI) and Cyber Security in delivering the 2030 Agenda for Sustainable Development, https://www.aumun.org/assets/WEF%20AUMUN%202022%20BG.pdf.
Zanzig, J. S., & Francia III, G. A. (2022). Assurance for Change Management With COBIT 2019 and CMMC Maturity Frameworks. In Achieving Organizational Agility, Intelligence, and Resilience Through Information Systems (pp. 163-196). IGI Global.
Brian Moore, Peter Thomas, Giovanni Rossi, Anna Kowalska, Manuel López. Machine Learning for Decision Science in Energy and Sustainability. Kuwait Journal of Machine Learning, 2(4). Retrieved from http://kuwaitjournals.com/index.php/kjml/article/view/220
Rajan, S. ., & Joseph, L. . (2023). An Adaptable Optimal Network Topology Model for Efficient Data Centre Design in Storage Area Networks. International Journal on Recent and Innovation Trends in Computing and Communication, 11(2s), 43–50. https://doi.org/10.17762/ijritcc.v11i2s.6027
Rajiv, A., Saxena, A.K., Singh, D., Awasthi, A., Dhabliya, D., Yadav, R.K., Gupta, A. IoT and machine learning on smart home-based data and a perspective on fog computing implementation (2023) Handbook of Research on Machine Learning-Enabled IoT for Smart Applications Across Industries, pp. 336-349.
Downloads
Published
How to Cite
Issue
Section
License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
All papers should be submitted electronically. All submitted manuscripts must be original work that is not under submission at another journal or under consideration for publication in another form, such as a monograph or chapter of a book. Authors of submitted papers are obligated not to submit their paper for publication elsewhere until an editorial decision is rendered on their submission. Further, authors of accepted papers are prohibited from publishing the results in other publications that appear before the paper is published in the Journal unless they receive approval for doing so from the Editor-In-Chief.
IJISAE open access articles are licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. This license lets the audience to give appropriate credit, provide a link to the license, and indicate if changes were made and if they remix, transform, or build upon the material, they must distribute contributions under the same license as the original.
