Purpose: This paper aims to update the cybersecurity-related accounting literature by synthesizing 39 recent theoretical and empirical studies on the topic. Furthermore, the paper provides a set of categories into which the studies fit. Design/methodology/approach: This is a synthesis paper that summarizes the research literature on cybersecurity, introducing knowledge from the extant research and revealing areas requiring further examination. Findings: This synthesis identifies a research framework that consists of the following research themes: cybersecurity and information sharing, cybersecurity investments, internal auditing and controls related to cybersecurity, disclosure of cybersecurity activities and security threats and security breaches. Practical implications: Academics, practitioners and the public would benefit from a research framework that categorizes the research topics related to cybersecurity in the accounting field. This type of analysis is vital to enhance the understanding of the academic research on cybersecurity and can be used to support the identification of new lines for future research. Originality/value: This is the first literature analysis of cybersecurity in the accounting field, and it has significant implications for research and practice by detailing, for example, the benefits of and obstacles to information sharing. This synthesis also highlights the importance of the model for cybersecurity investments. Further, the review emphasizes the role of internal auditing and controls to improve cybersecurity.
- Risk management