AUTHOR=Rattanapong Phasikha , Sukma Narongsak , Darakorn Na Ayuthaya Smitti 

TITLE=Determinants of cybersecurity investment in ASEAN organizations: an integrated structural equation modeling approach

JOURNAL=Frontiers in Communications and Networks

VOLUME=Volume 6 - 2025

YEAR=2025

URL=https://www.frontiersin.org/journals/communications-and-networks/articles/10.3389/frcmn.2025.1594554

DOI=10.3389/frcmn.2025.1594554

ISSN=2673-530X

ABSTRACT=This study examines the factors influencing cybersecurity investment decisions in organizations across the ASEAN region’s diverse digital landscape, where varying levels of regulatory maturity and digital adoption create unique security challenges. Using structural equation modeling (SEM) with data from 317 cybersecurity and IT executives, we investigated how risk management practices, financial considerations, and cybersecurity governance and compliance affect investment patterns, both directly and through the mediating role of cybersecurity strategy. The research methodology employed a validated instrument capturing multiple dimensions of organizational practices, including threat assessment processes, budget allocation frameworks, and strategic planning approaches. Our analysis revealed that cybersecurity strategy serves as the primary determinant of investment (β = 0.63, p < 0.001), while being significantly influenced by financial considerations (β = 0.57, p < 0.001), risk management (β = 0.54, p < 0.001), and regulatory environments (β = 0.42, p < 0.001). Notably, different mediation patterns emerged across factors, with financial considerations influencing investment exclusively through strategy (full mediation), whereas risk management and governance factors affected investment both directly and indirectly (partial mediation). Further investigation through multi-group analysis uncovered significant differences between critical infrastructure and other sectors, with regulatory and risk management factors exerting stronger influence in critical infrastructure organizations. Overall, our model explains 68% of the variance in cybersecurity investment decisions, providing robust explanatory power despite the region’s heterogeneity. These findings offer a comprehensive framework for understanding security resource allocation in ASEAN’s diverse digital landscape and provide valuable insights for organizations seeking to optimize their cybersecurity investments. Additionally, the results inform policymakers developing regulatory frameworks that can effectively drive security enhancements while accommodating the economic and technological diversity that characterizes the ASEAN region.