ORIGINAL RESEARCH article
Front. Commun. Netw.
Sec. Security, Privacy and Authentication
Volume 6 - 2025 | doi: 10.3389/frcmn.2025.1594554
Determinants of Cybersecurity Investment in ASEAN Organizations: An Integrated Structural Equation Modeling Approach
Provisionally accepted
- 1Siam Technology College, Bangkok, Thailand
- 2Mahidol University, Salaya, Thailand
Select one of your emails
You have multiple emails registered with Frontiers:
Notify me on publication
Please enter your email address:
If you already have an account, please login
You don't have a Frontiers account ? You can register here
This study examines the factors influencing cybersecurity investment decisions in organizations across the ASEAN region's diverse digital landscape. Using structural equation modeling (SEM) with data from 317 cybersecurity and IT executives, the research investigates how risk management practices, financial considerations, cybersecurity governance and compliance affect investment patterns, both directly and through the mediating role of cybersecurity strategy. We measured these constructs through a validated instrument capturing organizational practices across multiple dimensions including threat assessment processes, budget allocation frameworks, regulatory compliance mechanisms, and strategic planning approaches. The results reveal that cybersecurity strategy serves as the primary determinant of investment (β = 0.63, p < 0.001), while being significantly influenced by financial considerations (β = 0.57, p < 0.001), risk management (β = 0.54, p < 0.001), and regulatory environments (β = 0.42, p < 0.001). Different mediation patterns emerge across factors, with financial considerations influencing investment exclusively through strategy (full mediation), while risk management and governance factors affect investment both directly and indirectly (partial mediation). Multi-group analysis reveals significant differences between critical infrastructure and other sectors, with regulatory and risk management factors exerting stronger influence in critical infrastructure organizations. The model explains 68% of the variance in cybersecurity investment decisions, providing a comprehensive framework for understanding security resource allocation in ASEAN's diverse digital landscape characterized by varying regulatory maturity levels and digital adoption rates. These findings offer valuable insights for organizations seeking to optimize their cybersecurity investments across ASEAN's heterogeneous economies and for policymakers developing regulatory frameworks that effectively drive security enhancements while accommodating regional diversity.
Keywords: Cybersecurity investment, Risk Management, Financial considerations, cybersecurity strategy, Investment decision-making, Organizational security
Received: 16 Mar 2025; Accepted: 15 May 2025.
Copyright: © 2025 Sukma, Rattanapong and Na Ayuthaya. This is an open-access article distributed under the terms of the Creative Commons Attribution License (CC BY). The use, distribution or reproduction in other forums is permitted, provided the original author(s) or licensor are credited and that the original publication in this journal is cited, in accordance with accepted academic practice. No use, distribution or reproduction is permitted which does not comply with these terms.
* Correspondence:
Narongsak Sukma, Siam Technology College, Bangkok, Thailand
Smitti Darakorn Na Ayuthaya, Mahidol University, Salaya, 73170, Thailand
Disclaimer: All claims expressed in this article are solely those of the authors and do not necessarily represent those of their affiliated organizations, or those of the publisher, the editors and the reviewers. Any product that may be evaluated in this article or claim that may be made by its manufacturer is not guaranteed or endorsed by the publisher.