Critical Success Factors for IT Risk Management in the Digital Transformation Era: Insights from a Multiple Case Study
Abstract
The convergence of Information Technology risk management and digital transformation is a vital consideration for contemporary organizations navigating the rapidly changing digital landscape. This research investigates the intersection of these domains, aiming to identify the critical success factors that enable effective Information Technology risk management within the context of digital transformation. Through a Systematic Literature Review, a comprehensive search on Web of Science and Scopus led to the acceptance of 61 peer-reviewed papers published between 2020 and 2024, providing a solid foundation for understanding current trends and best practices. Employing a qualitative multiple case study approach, this study examines the experiences, strategies, and challenges of organizations that have successfully managed Information Technology risks during their digital transformation journeys. Thematic analysis reveals three key critical success factors: executive leadership and support, cross-functional collaboration, and risk-aware decision-making. These findings offer actionable insights for organizations seeking to align their risk management practices with the complexities of digital transformation. By bridging theoretical frameworks with practical insights, this research provides valuable recommendations for organizations to navigate digital transformation securely. Future research could focus on exploring the implementation nuances of these success factors across various industries, such as healthcare, finance, and manufacturing, to deepen our understanding of the intricate relationship between IT risk management and digital transformation in diverse contexts.
DOI: https://doi.org/10.15408/aism.v8i1.41090

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Applied Information System and Management (AISM) | E-ISSN: 2621-254 | P-ISSN: 2621-2536
https://journal.uinjkt.ac.id/index.php/aism