Given the specific challenges of the internationalization process for emerging markets, which require a constant adaptation of the organizational structure and of management control systems, this chapter aims to analyze the evolution of activity over the years studied, taking into account three key aspects: the assessment of the financial performance, focusing on the analysis of the value creation capacity and on the comparison with the values of the Portuguese industry; the assessment of the internationalization process, where several proposals are made in order to reduce business risk, both in terms of approach to the markets and in terms of the use of credit and exchange risk hedging techniques; the assessment of the management control systems implemented, with a reflection on the various types of instruments used (piloting, behavioral orientation, and dialogue) and elaboration of system optimization proposals, aiming a greater involvement and alignment of managers to organizational goals and business sustainability.
Abstract In this study we assess the main determinants of banks’ profitability in EU27 over the period 2004-2011. We split the factors that influence bank profitability in two large groups: bank-specific (internal) factors and industry specific and macroeconomic (external) factors. We consider as proxy for banks profitability the return on average assets (ROAA) and the return on average equity (ROAE). The empirical findings are consistent with the expected results. Credit and liquidity risk, management efficiency, the diversification of business, the market concentration/competition and the economic growth have influence on bank profitability, both on ROAA and ROAE. An interesting and valuable result is the positive influence of competition on bank profitability in EU27.
【Objective】This study aims to overcome the limitations of traditional static Bayesian networks (BN) and reveal the nonlinear, time-varying dynamic causal relationships among internal and external factors affecting China's grain production security, monitor key risk sources influencing China's food security, shift the focus of grain production security risk management from "post-event response" to "pre-event warning", and provide decision-making references for further safeguarding national food security.【Method】Static and dynamic factors affecting China's grain production security, such as labor force, agricultural infrastructure, water resource, land resource, extreme climate, material input, finance, and frequent major emergencies, were systematically integrated into a unified multi-dimensional dynamic Bayesian network (DBN) model. Eight first-level indicators and twenty secondary indicators were established to construct a risk monitoring index system for China's grain production security. Corresponding risk indicators were used as DBN nodes to develop a DBN-based risk monitoring and early warning model for China's grain production security. Using inter-provincial panel data from 2000 to 2024, the GeNIe 2.0 visualization software was employed for empirical test and optimization of the DBN model. The risk probability of grain production security in China was measured, key risk-inducing factors and sensitive points were diagnosed, and early warning levels for various risk sources were precisely defined.【Result】Empirical test verified that risk sources such as quantity of labor force, agricultural machinery level, effective irrigation index, grain sown area, pesticide input, and fertilizer price fluctuation are key risk factors and important sensitive nodes for China's grain production security. In the risk warning level classification, five indicators—water infrastructure, agricultural water security level, cultivated land area, grain sown area, and financial support for agriculture funds—achieved risk values of 0.368 or higher, corresponding to the "black light" risk level. Six indicators—quantity of labor force, power infrastructure, per capital share of water resource, affected area of crops, fertilizer input, and plastic film input—showed risk values between 0.330 and 0.356, falling under the "red light" risk level. Reverse reasoning results indicated that financial factor, land resource factor, and water resource factor are the most significant risk-inducing contributors to overall risk. Sensitivity analysis revealed that frequent major emergencies and quantity of labor force have particularly significant impacts on the risk system. Empirical test demonstrated the feasibility and effectiveness of the model and algorithm.【Conclusion】Through empirical test of the model and algorithm, key risk factors affecting China's grain production security were accurately identified, and potential hazard sources were revealed. This provides a decision-making basis for promoting the high-quality development of China's grain industry and effectively preventing grain production security risks.
Gianmarco Di Palma,1,2 Roberto Scendoni,3 Davide Ferorelli,4 Anna De Benedictis,1,5 Vittoradolfo Tambone,2 Francesco De Micco1,2 1Operative Research Unit of Clinical Affairs, Fondazione Policlinico Universitario Campus Bio-Medico, Rome, Italy; 2Research Unit of Bioethics and Humanities, Department of Medicine and Surgery, Università Campus Bio-Medico di Roma, Rome, Italy; 3Department of Law, Institute of Legal Medicine, University of Macerata, Macerata, Italy; 4Interdisciplinary Department of Medicine (DIM), Section of Legal Medicine, University of Bari “aldo Moro”, Bari, Italy; 5Research Unit of Nursing Science, Department of Medicine and Surgery, Università Campus Bio-Medico di Roma, Rome, ItalyCorrespondence: Gianmarco Di Palma, Operative Research Unit of Clinical Affairs, Fondazione Policlinico Universitario Campus Bio-Medico, Rome, Italy, Email g.dipalma@policlinicocampus.itBackground/Objectives: Artificial intelligence (AI) is revolutionizing the healthcare industry, improving diagnoses, treatments, and clinical processes. However, its integration poses significant cybersecurity risks, including data breaches, algorithmic opacity, and vulnerabilities in AI-controlled medical devices. This narrative review analyzes these threats and evaluates blockchain technology as a potential mitigation strategy within a Clinical Risk Management framework.Methods: The literature search was conducted on PubMed, Scopus, and Web of Science, considering peer-reviewed publications from 2000 to January 2025. 1,204 articles were identified. Inclusion criteria included studies on cybersecurity risks in healthcare, blockchain applications in the clinical setting, and regulatory references (eg, General Data Protection Regulation). Conference abstracts, non-English articles, and non-peer-reviewed contributions were excluded. To ensure methodological rigor, the Scale for the Assessment of Narrative Review Articles criteria were applied.Results: The thematic analysis highlighted recurring critical issues: difficulties with informed consent, unauthorized access to sensitive data, and systemic vulnerabilities in hospital digital infrastructures. Blockchain presents a promising solution thanks to its decentralization, immutability, and transparency. Integration with smart contracts enables dynamic consent management, secure data sharing, and real-time monitoring of medical devices. Permissioned networks improve traceability and regulatory compliance, while Layer 2 solutions and optimized consent protocols address scalability challenges.Conclusion: Despite its potential, blockchain adoption faces obstacles: high costs, regulatory rigidity, and poor acceptance among healthcare professionals. The review highlights the need for pilot projects, interdisciplinary collaboration, and regulatory updates for effective integration. Combining AI and blockchain in Clinical Risk Management can transform clinical risk management from reactive to proactive, improving patient safety, data governance, and accountability.Keywords: clinical risk management, artificial intelligence, blockchain, cybersecurity, healthcare, patient safety
The recent changes in tourism growth in Yogyakarta, accompanied by the increasing number of tourist visits and various operational risks such as accidents, facility damage, natural disasters, and visitor overcrowding, demand a more comprehensive risk management strategy. This study aims to analyze the efforts of operational risk management in relation to tourist well-being at tourism destinations in the Special Region of Yogyakarta. Risks within the tourism context have the potential to reduce tourists’ sense of safety, comfort, and satisfaction, ultimately having a negative impact on their overall well-being if they are not effectively managed. This study emphasizes the importance of structured risk management through identification, mitigation, and emergency response procedures as key determinants in creating a safe, comfortable, and meaningful tourism experience. This study employed a quantitative method with samples consisting of tourists visiting various natural destinations in Yogyakarta. Data were collected using questionnaires with a Likert scale and analyzed using inferential statistical techniques to examine the influence of operational risk management on tourist well-being. The findings indicate that operational risk management strategies play a crucial role in enhancing the physical, psychological, and emotional dimensions of tourist wellbeing. Practically, these findings can serve as guidelines for local governments, destination managers, and tourism industry stakeholders in designing policies and practices that prioritize safety, comfort, and tourist well-being.
A Virtual Organization (VO) unites companies or independent individuals to achieve a shared, short-term objective by leveraging information technologies for communication and coordination in personalized product creation. Despite extensive research, existing VO management architectures lack alignment with Industry 4.0 standards, do not incorporate intelligent requirement-gathering mechanisms, and are not based on the RAMI 4.0 framework. These limitations hinder support for Autonomous Virtual Organizations (AVOs) in evaluation, risk management, and continuity, often excluding small and medium-sized enterprises (SMEs) during the partner selection process. This study proposes a comprehensive architecture for AVO management, grounded in ACODAT (Autonomous Cycle of Data Analysis Tasks) and RAMI 4.0 principles. The methodology includes a literature review, an architectural design, and a detailed specification of the ACODAT for the digital supply chain design. A prototype was developed and applied in a case study involving a virtual organization within an editorial consortium. Evaluation addressed core service performance, scalability of the batch selection algorithm, resource-use efficiency, and accessibility/SEO compliance. Benchmarking demonstrated that the prototype met or exceeded thresholds for scalability, efficiency, and accessibility, with minor performance deviations attributed to the testing environment. The results highlight significant time savings and improved automation in requirement identification, partner selection, and supply chain configuration, underscoring the architecture’s effectiveness and inclusivity.
S. M. Rezvani, Nuno Marques de Almeida, Maria João Falcão
Climate change threatens urban areas globally. Enhancing resilience is crucial, yet the comprehensive clustering of practical climate adaptation measures for use in construction industry decision-making is notably absent. This study investigates and categorizes various climate adaptation measures, justifying each through a lens of risk management, asset management, and previous scientific work. It takes advantage of the innovative digital platform Netobra, which offers an ecosystem for the construction industry, to provide real-world, practical implications of these measures. Informed by the Urban Resilience Evaluation System, ISO 31000 (risk management), and ISO 55000 (asset management), the study sets out to demonstrate the value of these measures in bolstering urban resilience and improving decision-making in the construction industry. Moreover, the study integrates a hotspot detection mechanism for areas at high risk of climate impacts, using multicriteria decision analysis (MCDA)—analytic hierarchy process (AHP) mapping on Netobra. These identified hotspots and corresponding climate adaptation measures will further be incorporated into a Risk-Informed Asset-Centric (RIACT) process, providing valuable insights for climate change mitigation and adaptation strategies in urban development. Through its in-depth analysis, the study aims to contribute to the understanding of how diverse climate adaptation measures can be practically applied in various sectors, thereby enhancing urban resilience and effective risk and asset management.
In an increasingly interconnected world, supply chain resilience has emerged as a critical factor for businesses to navigate disruptions and uncertainty. This paper delves into the dynamic landscape of supply chain management, emphasizing the need for organizations to adapt and fortify their operations against a myriad of challenges, ranging from natural disasters to geopolitical tensions and pandemics. Drawing on a comprehensive review of existing literature and real-world case studies, this research explores the key components of supply chain resilience and identifies best practices for building robust systems. It examines the role of technology, collaboration, and risk management strategies in enhancing resilience across various industry sectors. Furthermore, this paper sheds light on the impact of recent global disruptions, such as the COVID-19 pandemic, on supply chains worldwide, highlighting both the vulnerabilities exposed and innovative responses adopted by organizations. A nuanced analysis elucidates the lessons learned and opportunities for improvement in supply chain resilience frameworks. By synthesizing insights from academia and industry, this study offers practical recommendations for executives and policymakers to bolster supply chain resilience in an era characterized by volatility and complexity. It underscores the imperative for proactive measures, agile strategies, and continuous monitoring to mitigate risks and ensure operational continuity in the face of uncertainty. Ultimately, this research contributes to a deeper understanding of supply chain resilience as a strategic imperative, empowering organizations to thrive amidst global disruptions and safeguard the flow of goods and services in an interconnected global economy.
Existing literature on the impact of intrapreneurial behavior on performance has been largely focused on individual and organizational-level performance. As a matter of conjecture, managers are assumed to display higher competence than their subordinates (operational staff) in marketing organisations. Empirical evidence is scanty on the comparison/s between managers and operational staff, on the influence of intrapreneurial behaviors on task and contextual performance in pharmaceutical marketing organisations. This paper builds on role theory to examine employee-level differences (managers vs operational staff) by testing the influence of intrapreneurial behaviors on task and contextual performance in a pharmaceutical marketing context. Covariance-based multigroup structural equation modelling in LISREL was used to develop the model and address this gap. Data was collected using a self-reported online questionnaire from 220 participants composed of managers (n=58) and operational staff (n=162) in the pharmaceutical marketing industry in Nigeria. Confirmatory factor analysis established the validity of constructs. Multigroup confirmatory factor analysis established configural invariance among the groups, justifying a multigroup analysis. Intrapreneurial behavior positively influenced task and contextual performance in the general path model. Risk-taking behavior had no impact on task and contextual performance. Managers showed stronger proactive behavior on task and contextual performance compared to operational staff, while the latter group had stronger innovative behavior impact on task performance only. The study identified the low risk-taking propensity of employees as a gap in intrapreneurial behavior. Therefore, it proposes risk management training for both managers and operational staff. The study concludes that intrapreneurial behavior aligns more with proactivity for managers, while operational staff tend to be more innovative toward their core responsibilities.
This study aimed to strengthen the security of autonomous vehicles by analyzing the current status of autonomous vehicle security, such as autonomous vehicle features, security threats, and compliance, and deriving security-level check items. Based on this, the relative importance could be obtained by applying it to the AHP (Analytic Hierarchy Process) model. The results of the empirical analysis showed that the order of priority was the establishment/implementation of a cybersecurity management system, encryption, and risk assessment. The significance of this study is that by deriving security-level check items related to autonomous vehicles and verifying the research model, we can reduce cyber security accidents that can cause loss of life and improve the level of autonomous vehicle security management of related companies. Additionally, by applying AHP evaluated by security experts to the autonomous vehicle field for the first time, it will contribute to the market expansion of the autonomous vehicle industry, which is concerned with security. Furthermore, major automobile companies have to manage the security levels of numerous tier companies due to the nature of the industry. Therefore, if they perform a Quick Check (QC) considering the relative importance of the autonomous vehicle security-level check items presented in this paper, they will be able to effectively identify the security levels of tier companies early.
Seyed Ali Hosseini, Shima Ahmadi, Hossein Seilsepoor
Given the significance of sustainability reporting, there has been a notable increase in studies in this field. However, due to shortcomings in initial studies, it is not feasible to make decisions based solely on their findings. This research provides a comprehensive examination of the impact of corporate governance structures on sustainability reporting, based on the results of previous studies. Ownership structure, board of directors, management characteristics, corporate governance performance, and the quality of internal controls are identified as influential factors. While the research literature has reached a consensus on the impact of some factors, it has encountered contradictory findings regarding others.IntroductionIn recent years, the issue of sustainability has garnered global attention, becoming a central focus for many accounting researchers. International organizations have published sustainability reporting standards, and many stock exchanges worldwide now consider sustainability reporting a prerequisite for listing. Companies publish sustainability reports for various reasons, including transparency with stakeholders (Kuo et al., 2016), reputation (De Grosbois & Fennell, 2022), legal compliance (Harjoto et al., 2020), or alignment with emerging trends (Busco et al., 2019).However, due to the voluntary nature of sustainability reporting in many countries, concerns about the quantity and quality of this information persist. Since management often decides whether to publish sustainability reports, when to publish them, the publication platform, and the content and scope of the reports, voluntary disclosure, and impression management strategies provide significant opportunities for managers to obscure poor sustainability performance. Therefore, mechanisms are necessary to ensure that the information provided in sustainability reports is of high quality.Corporate governance mechanisms, such as ownership structure, ownership concentration, audit quality, and board composition and quality, play a critical role in reducing opportunistic behaviors by controlling and monitoring executive managers. Given the importance of corporate governance mechanisms for sustainability reporting, there has been a recent surge in studies exploring this relationship.However, early studies in this field are often limited by shortcomings such as researcher bias, small sample sizes, differences in legal frameworks, and contradictory findings. These limitations hinder the ability to make reliable decisions based on their results, highlighting the need for more comprehensive research. Accordingly, this study provides a systematic review of the impact of corporate governance structures on sustainability reporting, synthesizing findings from prior research.The main research questions are as follows:What are the most frequent keywords in the field of sustainability reporting over time?What are the most frequent keywords in the field of the relationship between corporate governance structures and sustainability reporting over time?which corporate governance mechanisms influence the adoption, quantity, and quality of sustainability reporting?MethodologyThis study is applied research and follows an interpretive paradigm. Aligned with this paradigm, a qualitative research methodology was chosen, incorporating systematic review and content analysis for data collection, as well as bibliometric analysis to identify trends in sustainability reporting research and leading authors in the field.The research sample comprises 47 international and 32 national articles published between 2013 and September 2023. Domestic studies were selected through keyword searches on the websites of journals approved by the Ministry of Science, while international studies were sourced from the ScienceDirect database. To enhance search sensitivity and comprehensiveness, various keywords, the "OR" operator, and truncations of selected keywords were employed in ScienceDirect. Both quantitative and qualitative research articles were reviewed. Following the example of other literature reviews (Han & Cohen, 2013:8), books and editorial notes were excluded, with only peer-reviewed articles considered. The latest version of the PRISMA checklist (2020) was used to guide the development of the review protocol.To identify hot research topics in sustainability reporting, research topics exploring the relationship between corporate governance structures and sustainability reporting, and the most prominent authors in the field, bibliographic analysis, and VOSviewer software were utilized.Results and DiscussionExamining the hot topics in sustainability reporting has revealed that corporate governance structures have been among the most significant areas of focus in recent years. Bibliographic analysis indicates that mechanisms such as the board of directors, assurance, and risk management have been key topics of interest for authors.A review of past studies shows that factors such as ownership structure, board of directors, management characteristics, gender diversity, corporate governance performance, assurance, monitoring and accountability, corporate risk, and internal control quality significantly affect the adoption, quantity, and quality of sustainability reports. For example, ownership structure encompasses institutional ownership, internal ownership, foreign ownership, ownership concentration, the relative power of minority shareholders, shareholder identity similarity, state ownership, capital market acceptance, family ownership, fund ownership, and ownership by other companies. Similar detailed categorizations exist for other factors.Most studies have focused on the influence of corporate governance mechanisms on the adoption of sustainability reporting, while fewer have examined their impact on report quality. There is a consensus among researchers on the impact of certain governance mechanisms, such as board size and independence, sustainability committees, managerial compensation, and gender diversity, on sustainability reporting. However, regarding the influence of other factors, the research literature contains contradictory findings. Additionally, for some factors, such as the number of managers, managers’ religious attitudes, and audit fees, the limited number of studies makes it difficult to draw definitive conclusions. Information on measurement indicators based on sample studies is also provided, aiding researchers in measurement purposes.Given the widespread impact of corporate governance structures on sustainability reporting, governments, and regulators should implement initiatives to influence board structures and other corporate governance mechanisms. The findings suggest that investors seeking to maximize their returns should invest in companies with strong corporate governance structures. This study enhances the understanding of managers, regulators, and stakeholders regarding the role of corporate governance in sustainability reporting and provides valuable insights for regulators and policymakers concerned about achieving sustainability reporting goals.By summarizing the impact of corporate governance structures on sustainability reporting, this study identifies gaps in the research literature and mechanisms requiring further investigation. Additionally, juxtaposing findings from domestic and international studies, it highlights cultural differences in the effects of corporate governance mechanisms. Analyzing the findings of this study while considering its limitations is crucial. Existing studies in the research sample employed various measures to assess the quality and extent of sustainability reporting. The documentation reviewed as sustainability reports also varies. For instance, some researchers analyzed sustainability reports, while others examined information provided on company websites. Domestic researchers, due to the lack of sustainability reports published by companies listed on the Tehran Stock Exchange, have relied on analyzing board reports and financial statements to assess the extent and quality of sustainability reporting. Since measurement procedures affect the results obtained and, consequently, the findings of this study, these limitations must be considered when interpreting the results. ConclusionThe analysis of contradictory findings can be explained by considering management motives, organizational maturity levels, organizational structure, and institutional factors affecting the organization, such as industry type, country of operation, and regulations. Therefore, using standardized measures for companies operating in diverse institutional contexts is unlikely to be effective.
There have been strong calls in the research literature for the adoption of system-based approaches to further reduce road casualties. However, person-based approaches remain at the forefront of both national and local-level decision-making around road safety in the UK. Focusing on person-based approaches inhibits learning across the system. Practical examples are needed to support adoption of system-based approaches and ensure safety learning is maximised within the industry.This study builds on previous work (Staton et al., 2022) mapping the control structure for the municipal area of Cambridgeshire, UK. It utilizes a system-based accident investigation method: Causal Analysis based on System Theory (CAST) (Leveson, 2019). The method is based on Rasmussen’s Risk Management Framework and is used to identify weaknesses in the control structure across the entire sociotechnical system. This supports understanding why the collision occurred and prevention of similar future events, rather than apportioning blame. In the study, CAST is used to investigate a random sample of ten fatal collisions that occurred in Cambridgeshire between 2018 and 2020. The investigations were conducted retrospectively using police forensic collision investigation files that had already concluded crown or coroner’s court proceedings.Across all ten collisions investigated, 21 different types of actor were identified across all levels of the system, each of whom played some role in at least one of the collisions. As a result, 49 specific recommendations are made concerning these actor’s roles in preventing future road deaths and serious injuries. In addition, 11 system-wide recommendations are made relating to communication and coordination; the safety information system; safety culture; design of the safety management system; changes and dynamics over time; and economic factors in the system environment.This study demonstrates that the CAST method is a viable tool for learning in the road safety industry and provides a taxonomy of system hazards, alongside the system control structure from Staton et al. (2022), to support any future analysis using this method. The use of CAST identifies the importance of controls within the road transport system and that currently, despite having one of the best road safety records in the world, the existing controls in place in the UK are insufficient to prevent serious injury and death occurring daily and are in danger of being eroded further through a political agenda of deregulation.This study reinforces that road safety requires system-based approaches and the strength of the CAST method in identifying system-wide recommendations which can be used in support of a Safe System approach to provide recommendations across the Safe System pillars.
The 4IR or the digital revolution refers to a collective term for a value chain organizational concepts and technologies that together build the Internet of Things, Internet of people, Cyber-Physical Systems (CPS), Internet of Services and the Internet of Energy. While this digital revolution has helped the construction industry to prevent cost and time overruns and enable efficiency and good work’s quality, it also has disadvantages and risks such as cyberattacks and loss of jobs. This study set out to determine the risks associated with data management (cyberattacks) on construction projects in the fourth industrial revolution era. The research study will address the questions of “what are the cyberattacks risk attributed to construction data management in the fourth revolution era?” and “What are the differences in the opinion of respondents concerning the identified cyberattacks?”. This research work used a quantitative method and gathered information from different construction professionals in the South African construction industry precisely in Gauteng province via a well-structured questionnaire through online platforms. These professionals involve quantity surveyors, architects, civil, mechanical, and electrical engineers practising under a firm, company, organisation, or institution within the Gauteng province, South Africa. Findings revealed that viruses, hacking, and password cracking are the most frequent risk to data management encountered in the construction industry. It was also indicated that construction project stakeholders need a strong knowledge of how attackers operate to address, avoid, and stop the different risks rising when executing a project. The study contributes to the body of knowledge by highlighting the various risks encountered in managing data in the construction industry which will assist professionals in the industry to pay attention to means of mitigating the identified risks. This will keep stakeholders abreast of how simple negligence from their side can deeply affect the project data thereby affecting project delivery. It was concluded based on findings that construction professionals need to avoid the occurrence of these risks to enhance satisfactory project delivery and protect their project information. The study recommended that all construction project parties require full training sessions on risks to data to prevent any types of intrusion into the company’s information system.
Rupert Bainbridge, Michael Lim, Stuart Dunning
et al.
Rapid shallow landslides are a significant hillslope erosion mechanism and limited understanding of their initiation and development results in persistent risk to infrastructure. Here, we analyse the slope above the strategic A83 Rest and be Thankful road in the west of Scotland. An inventory of 70 landslides (2003–2020) shows three types of shallow landslide, debris flows, creep deformation, and debris falls. Debris flows dominate and account for 5,350 m3 (98%) of shallow-landslide source volume across the site. We use novel time-lapse vector tracking to detect and quantify slope instabilities, whilst seismometers demonstrate the potential for live detection and location of debris flows. Using on-slope rainfall data, we show that shallow-landslides are typically triggered by abrupt changes in the rainfall trend, characterised by high-intensity, long duration rainstorms, sometimes part of larger seasonal rainfall changes. We derive empirical antecedent precipitation (>62 mm) and intensity-duration (>10 h) thresholds over which shallow-landslides occur. Analysis shows the new thresholds are more effective at raising hazard alerts than the current management plan. The low-cost sensors provide vital notification of increasing hazard, the initiation of movement, and final failure. This approach offers considerable advances to support operational decision-making for infrastructure threatened by complex slope hazards.
PurposeThis article aims to gain insights on the current state of small- and medium-sized enterprises’ (SMEs’) cyber risk management process and to derive future research directions.Design/methodology/approachThis is done by collecting market insights from 37 recent industry surveys and structuring them based on the steps of the risk management process. From this analysis, major challenges are derived and future fields of research identified.FindingsThe results indicate that deficiencies in risk culture as well as the strained market for IT experts are the major obstacles with respect to the implementation of cyber risk management in SMEs, and that these challenges are similar across countries. The findings suggest that especially the relationship between cyber security culture and cyber risk management should be investigated further, and that a stronger link between the research streams on enterprise risk management and cyber risk management would be desirable.Originality/valueThis paper contributes to the literature by providing a systematic overview on the current state of SMEs' cyber risk management from a market perspective. The findings provide support for the existing academic literature by emphasizing the central role of cyber security culture (perception, knowledge, attitude) for a successful cyber risk management, which however should be addressed in more depth in future (empirical) research.