Operational risk management: An empirical analysis on the impact of cyber risk management on corporate performance of SMEs operating in Zimbabwe

Abstract

Our modern societies are now driven by technology. While this has brought about a number of advantages, the adoption of technology is not without its challenges. The widespread adoption of technology by businesses has resulted in the emergence of cyber risk. The ubiquitous interconnectivity of operations within the business and also with external parties provides the primary conduit for exploiting cyber risk vulnerabilities on a widespread basis. This study sought to investigate the impact of cyber risk management on corporate performance of SMEs operating in Zimbabwe, a sector most exposed to cyber risk, albeit least researched. The study employed a quantitative methodology. Data were collected through structured self- administered questionnaires which were distributed through stratified random sampling of 250 respondents. From the total of 250 questionnaires distributed, 207 valid responses were obtained giving a response rate of 82.8%. The study found positive and significant relationships between the four cyber risk management constructs and corporate performance. Specifically, the study highlights that cyber risk governance, assessment practices, reduction, and awareness and training positively impacts corporate performance. These finding further enhance our understanding of the impact of cyber risk (growing phenomenon) on corporate performance, in a sector which is becoming a key growth driver for the Zimbabwean economy. It is concluded that good cyber risk management practices tends to boost business performance hence business owners and management should build robust cyber risk management practices in their companies. Furthermore, SMEs were urged to embrace rather fear the digital technology, at the same time ensure sound cyber risk management structures are in place through risk governance, assessment of the inherent cyber risk, risk reduction, and cyber risk awareness and training.