Date of Award


Document Type

Dissertation - Open Access

Degree Type


Degree Name

Doctor of Business Administration (DBA)


Greg Marshall, Ph.D.

Second Advisor

Brian Walkup, Ph.D.


Cybersecurity, Risk Management, Risk Appetite, Risk Tolerance, Resource Allocation


The cyber risk management system has become a top priority for organizations in the global economy, and the internet and digitalization have changed how people work and live, making it essential to manage cyber risks effectively. However, many organizations find it difficult to establish an optimal cyber risk management system due to a lack of a clear understanding of their current level of security, insufficient budget, limited skills, and knowledge, and/or lack of technical expertise. Importantly, risk management is a complex process that requires an organization to establish a comprehensive risk management system to manage its cyber risks. Identifying the right framework and achieving an optimal return on investment in their cyber risk management system is a key challenge for organizations today. Managing cyber risks requires substantial resources of the firm and resource allocation could affect cybersecurity readiness. The research will use a survey to measure the risk appetite, risk tolerance, resource allocation, company size, technology wariness level, and cyber security readiness of respondents’ organizations to understand each construct’s relationship with resource allocation and cyber security readiness. Targeted respondents are risk management, internal audit, and information technology governance seniors. Using cross-sectional regression, this paper finds that all variables, but company size have significant effects on resource allocation and its effect on cybersecurity readiness.