{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,20]],"date-time":"2026-02-20T08:00:41Z","timestamp":1771574441785,"version":"3.50.1"},"reference-count":50,"publisher":"Frontiers Media SA","license":[{"start":{"date-parts":[[2025,6,3]],"date-time":"2025-06-03T00:00:00Z","timestamp":1748908800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["frontiersin.org"],"crossmark-restriction":true},"short-container-title":["Front. Commun. Netw."],"abstract":"This study examines the factors influencing cybersecurity investment decisions in organizations across the ASEAN region\u2019s diverse digital landscape, where varying levels of regulatory maturity and digital adoption create unique security challenges. Using structural equation modeling (SEM) with data from 317 cybersecurity and IT executives, we investigated how risk management practices, financial considerations, and cybersecurity governance and compliance affect investment patterns, both directly and through the mediating role of cybersecurity strategy. The research methodology employed a validated instrument capturing multiple dimensions of organizational practices, including threat assessment processes, budget allocation frameworks, and strategic planning approaches. Our analysis revealed that cybersecurity strategy serves as the primary determinant of investment (\u03b2 = 0.63, p &lt; 0.001), while being significantly influenced by financial considerations (\u03b2 = 0.57, p &lt; 0.001), risk management (\u03b2 = 0.54, p &lt; 0.001), and regulatory environments (\u03b2 = 0.42, p &lt; 0.001). Notably, different mediation patterns emerged across factors, with financial considerations influencing investment exclusively through strategy (full mediation), whereas risk management and governance factors affected investment both directly and indirectly (partial mediation). Further investigation through multi-group analysis uncovered significant differences between critical infrastructure and other sectors, with regulatory and risk management factors exerting stronger influence in critical infrastructure organizations. Overall, our model explains 68% of the variance in cybersecurity investment decisions, providing robust explanatory power despite the region\u2019s heterogeneity. These findings offer a comprehensive framework for understanding security resource allocation in ASEAN\u2019s diverse digital landscape and provide valuable insights for organizations seeking to optimize their cybersecurity investments. Additionally, the results inform policymakers developing regulatory frameworks that can effectively drive security enhancements while accommodating the economic and technological diversity that characterizes the ASEAN region.<\/jats:p>","DOI":"10.3389\/frcmn.2025.1594554","type":"journal-article","created":{"date-parts":[[2025,6,3]],"date-time":"2025-06-03T05:22:09Z","timestamp":1748928129000},"update-policy":"https:\/\/doi.org\/10.3389\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Determinants of cybersecurity investment in ASEAN organizations: an integrated structural equation modeling approach"],"prefix":"10.3389","volume":"6","author":[{"given":"Phasikha","family":"Rattanapong","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Narongsak","family":"Sukma","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Smitti","family":"Darakorn Na Ayuthaya","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1965","published-online":{"date-parts":[[2025,6,3]]},"reference":[{"key":"B1","doi-asserted-by":"publisher","first-page":"103845","DOI":"10.1016\/j.cose.2023.103845","article-title":"Strategic cybersecurity","volume":"141","author":"AlDaajeh","year":"2024","journal-title":"Comput. Secur."},{"key":"B2","doi-asserted-by":"publisher","first-page":"100989","DOI":"10.1016\/j.jfs.2021.100989","article-title":"The drivers of cyber risk","volume":"60","author":"Aldasoro","year":"2022","journal-title":"J. Financial Stab."},{"key":"B3","doi-asserted-by":"publisher","first-page":"85","DOI":"10.1142\/S0219622023500336","article-title":"Cybersecurity strategy implementation in healthcare organizations: a framework for protecting patient data","volume":"37","author":"Ali","year":"2023","journal-title":"J. Healthc. Inf. Manag."},{"key":"B4","doi-asserted-by":"publisher","first-page":"1880","DOI":"10.3390\/su16051880","article-title":"Organizational cybersecurity systems and sustainable business performance of small and medium enterprises (SMEs) in Saudi Arabia: the mediating and moderating role of cybersecurity resilience and organizational culture","volume":"16","author":"Al-Somali","year":"2024","journal-title":"Sustainability"},{"key":"B5","volume-title":"SEAN Cybersecurity Cooperation Strategy 2021-2025","year":"2023"},{"key":"B6","first-page":"74","article-title":"On the evaluation of structural equation models","volume-title":"Journal of the Academy of Marketing Science","author":"Bagozzi","year":"1988"},{"key":"B7","doi-asserted-by":"publisher","first-page":"187","DOI":"10.1108\/IJLMA-08-2022-0167","article-title":"Strengthening the legal frameworks of data piracy and cybersecurity in digital era","volume":"65","author":"Bharat","year":"2023","journal-title":"Int. J. Law Manag."},{"key":"B8","doi-asserted-by":"publisher","first-page":"85","DOI":"10.21315\/mjms2018.25.6.9","article-title":"A review on sample size determination for Cronbach's alpha test: a simple guide for researchers","volume":"25","author":"Bujang","year":"2018","journal-title":"Malays. J. Med. Sci."},{"key":"B9","doi-asserted-by":"publisher","DOI":"10.26199\/20z5-8t15","article-title":"ASEAN-China cybersecurity cooperation: challenges and opportunities","author":"Caballero-Anthony","year":"2021","journal-title":"RSIS Monogr. NTU"},{"key":"B10","doi-asserted-by":"publisher","first-page":"94","DOI":"10.11610\/isij.5409","article-title":"Prioritizing investments in cybersecurity: empirical evidence from an event study on the determinants of cyberattack costs","volume":"54","author":"Celeny","year":"2023","journal-title":"Inf. Secur."},{"key":"B11","unstructured":"ASEAN\u2019s cyber initiatives: a select list\n \n \n 2023"},{"key":"B12","unstructured":"2022 state of cybersecurity - ASEAN\n \n \n 2022"},{"key":"B13","doi-asserted-by":"publisher","first-page":"1149","DOI":"10.3758\/BRM.41.4.1149","article-title":"Statistical power analyses using G*Power 3.1: tests for correlation and regression analyses","volume":"41","author":"Faul","year":"2009","journal-title":"Behav. Res. Methods"},{"key":"B14","doi-asserted-by":"publisher","first-page":"766","DOI":"10.3390\/jcp2040039","article-title":"Security compliance and its implication for cybersecurity","volume":"2","author":"Folorunso","year":"2022","journal-title":"J. Cybersecurity Priv."},{"key":"B51","doi-asserted-by":"publisher","first-page":"39","DOI":"10.2307\/3151312","article-title":"Evaluating structural equation models with unobservable variables and measurement error","volume":"18","author":"Fornell","year":"1981","journal-title":"J. Mark. Res."},{"key":"B15","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s43546-023-00477-6","article-title":"Evaluating the adoption of cybersecurity and its influence on organizational performance","volume":"3","author":"Hasani","year":"2023","journal-title":"SN Bus. & Econ."},{"key":"B16","doi-asserted-by":"publisher","first-page":"443","DOI":"10.1007\/s11747-022-00894-3","article-title":"The heterotrait-monotrait ratio of correlations: a new criterion for assessing discriminant validity in structural equation modeling","volume":"51","author":"Henseler","year":"2023","journal-title":"J. Acad. Mark. Sci."},{"key":"B17","doi-asserted-by":"publisher","first-page":"195","DOI":"10.2308\/ISYS-19-054","article-title":"The influence of corporate governance mechanisms and contextual factors on cybersecurity disclosure","volume":"36","author":"H\u00e9roux","year":"2022","journal-title":"J. Inf. Syst."},{"key":"B18","doi-asserted-by":"publisher","first-page":"5501","DOI":"10.3390\/app14135501","article-title":"Local government cybersecurity landscape: a systematic review and conceptual framework","volume":"14","author":"Hossain","year":"2023","journal-title":"Appl. Sci."},{"key":"B19","doi-asserted-by":"publisher","first-page":"119322","DOI":"10.1016\/j.apenergy.2022.119322","article-title":"Energy security risk and financial development nexus: disaggregated level evidence from South Korea by cross-quantilogram approach","volume":"321","author":"Kartal","year":"2022","journal-title":"Appl. Energy"},{"key":"B20","doi-asserted-by":"publisher","first-page":"13","DOI":"10.3390\/g15020013","article-title":"Dynamic awareness and strategic adaptation in cybersecurity: a game-theory approach","volume":"15","author":"Kosteli\u0107","year":"2024","journal-title":"Games"},{"key":"B21","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1080\/16081625.2021.1922753","article-title":"The impact of cybersecurity investment on firm value: evidence from a quasi-natural experiment in China","volume":"30","author":"Li","year":"2021","journal-title":"Asia-Pacific J. Account. Econ."},{"key":"B22","doi-asserted-by":"publisher","first-page":"1293658","DOI":"10.1177\/03128962241293658","article-title":"Corporate cybersecurity risk and data breaches: a systematic review of empirical research","volume":"49","author":"Liu","year":"2024","journal-title":"Aust. J. Manag."},{"key":"B23","unstructured":"ASEAN cybersecurity industry unlocking growth opportunities: analysis and forecast 2025-2033\n \n \n 2024"},{"key":"B24","doi-asserted-by":"publisher","first-page":"893","DOI":"10.1111\/acfi.12956","article-title":"Board gender diversity and cybersecurity risk disclosure in corporate governance statements","volume":"63","author":"Mazumder","year":"2023","journal-title":"Account. Finance"},{"key":"B25","doi-asserted-by":"publisher","first-page":"154","DOI":"10.3390\/risks11090154","article-title":"Optimal cyber security investment in a mixed risk management framework: examining the role of cyber insurance and expenditure analysis","volume":"11","author":"Mazzoccoli","year":"2023","journal-title":"Risks"},{"key":"B26","doi-asserted-by":"publisher","first-page":"109","DOI":"10.3390\/risks11060109","article-title":"Context-based and adaptive cybersecurity risk management framework","volume":"11","author":"Melaku","year":"2023","journal-title":"Risks"},{"key":"B27","doi-asserted-by":"publisher","first-page":"103082","DOI":"10.1016\/j.cose.2023.103082","article-title":"Cybersecurity risks for critical national infrastructure: a systematic literature review","volume":"127","author":"Pattnaik","year":"2023","journal-title":"Comput. Secur."},{"key":"B28","unstructured":"Cybersecurity threatscape of Asia: 2022\u20132023\n \n \n 2023"},{"key":"B30","doi-asserted-by":"crossref","DOI":"10.4108\/eai.31-3-2022.2320684","article-title":"ASEAN consensus and forming cybersecurity regulation in Southeast Asia","volume-title":"Proceedings of the 1st International Conference on Contemporary Risk Studies","author":"Ramadhan","year":"2022"},{"key":"B31","doi-asserted-by":"publisher","first-page":"376","DOI":"10.2139\/ssrn.4044868","article-title":"Financial institutions cybersecurity standards: legal implications of evolving judicial interpretation of reasonable security measures","volume":"139","author":"Ramazonov","year":"2022","journal-title":"Bank. Law J."},{"key":"B32","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1111\/risa.13331","article-title":"An adversarial risk analysis framework for cybersecurity","volume":"41","author":"Rios Insua","year":"2021","journal-title":"Risk Anal."},{"key":"B33","doi-asserted-by":"publisher","first-page":"32","DOI":"10.51233\/SPCSI.2023.7.4-32","article-title":"A holistic approach for cybersecurity in organizations","volume":"7","author":"Rupra","year":"2023","journal-title":"Sci. Pract. Cyber Secur. J."},{"key":"B34","doi-asserted-by":"publisher","first-page":"7","DOI":"10.1365\/s43439-021-00045-4","article-title":"Cyber governance studies in ensuring cybersecurity: an overview of cybersecurity governance","volume":"3","author":"Sava\u015f","year":"2022","journal-title":"Int. Cybersecurity Law Rev."},{"key":"B35","doi-asserted-by":"publisher","first-page":"116","DOI":"10.1108\/IJAIM-05-2022-0093","article-title":"Board attributes, shareholder confidence, and cyber-security disclosure","volume":"31","author":"Smaili","year":"2023","journal-title":"Int. J. Account. Inf. Manag."},{"key":"B36","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1365\/s43439-024-00111-7","article-title":"More than malware: unmasking the hidden risk of cybersecurity regulations","volume":"2024","author":"Springermann","year":"2024","journal-title":"Int. Cybersecurity Law Rev."},{"key":"B37","doi-asserted-by":"publisher","first-page":"e0270137","DOI":"10.1371\/journal.pone.0270137","article-title":"Understanding online behavior towards community water user participation: a perspective of a developing country","volume":"17","author":"Sukma","year":"2022","journal-title":"PloS one"},{"key":"B38","doi-asserted-by":"publisher","first-page":"940955","DOI":"10.3389\/fenvs.2022.940955","article-title":"A community sustainability ecosystem modeling for water supply business in Thailand","volume":"10","author":"Sukma","year":"","journal-title":"Front. Environ. Sci."},{"key":"B39","doi-asserted-by":"publisher","first-page":"1013153","DOI":"10.3389\/fenvs.2022.1013153","article-title":"From conceptual model to conceptual framework: a sustainable business framework for community water supply businesses","volume":"10","author":"Sukma","year":"","journal-title":"Front. Environ. Sci."},{"key":"B40","doi-asserted-by":"publisher","first-page":"918981","DOI":"10.3389\/fenvs.2022.918981","article-title":"The influence and continuance intention of the E-government system: a case study of community water supply business","volume":"10","author":"Sukma","year":"","journal-title":"Front. Environ. Sci."},{"key":"B41","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1155\/2022\/1732944","article-title":"Factors affecting adoption of online community water user participation","volume":"2022","author":"Sukma","year":"2022","journal-title":"Hum. Behav. Emerg. Technol."},{"key":"B42","doi-asserted-by":"publisher","first-page":"188154","DOI":"10.1109\/access.2024.3516053","article-title":"An algorithmic trading approach merging machine learning with multi-indicator strategies for optimal performance","volume":"12","author":"Sukma","year":"","journal-title":"IEEE Access"},{"key":"B43","doi-asserted-by":"publisher","DOI":"10.1007\/s10614-024-10669-3","article-title":"Enhancing trading strategies: a multi-indicator analysis for profitable algorithmic trading","volume":"48","author":"Sukma","year":"","journal-title":"Comput. Econ."},{"key":"B44","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1142\/s0219622025500336","article-title":"Predictive modeling for identifying undervalued stocks using machine learning","author":"Sukma","year":"2025","journal-title":"Int. J. Inf. Technol. Decis. Mak."},{"key":"B45","doi-asserted-by":"publisher","first-page":"427","DOI":"10.24507\/icicelb.15.05.427","article-title":"Trading strategies development using combined enhanced voter-method with technical indicators and machine learning","volume":"15","author":"Sukma","year":"2024","journal-title":"ICIC Express Lett. Part B Appl."},{"key":"B46","doi-asserted-by":"publisher","first-page":"010","DOI":"10.28945\/5476","article-title":"BEST: an instructional design model to empower graduate student self-efficacy in research","volume":"20","author":"Sukma","year":"2025","journal-title":"Interdiscip. J. Inf. Knowl. Manag."},{"key":"B47","doi-asserted-by":"publisher","first-page":"131","DOI":"10.17323\/1999-5431-2025-0-5-131-158","article-title":"Future economic and sustainability impacts of open data in insurance","author":"Sukma","year":"2025","journal-title":"Public Adm. Issues"},{"key":"B48","doi-asserted-by":"publisher","first-page":"1045","DOI":"10.1007\/s11187-021-00572-8","article-title":"Cyberattack, cyber risk mitigation capabilities, and firm productivity in emerging economies","volume":"59","author":"Tetteh","year":"2022","journal-title":"Small Bus. Econ."},{"key":"B49","doi-asserted-by":"publisher","first-page":"101974","DOI":"10.1016\/j.ribaf.2023.101974","article-title":"Corporate investment reactions to external security risks: evidence from cyber threats","volume":"66","author":"Zhang","year":"2023","journal-title":"Res. Int. Bus. Finance"},{"key":"B50","doi-asserted-by":"publisher","first-page":"545","DOI":"10.15408\/jcs.v11i3.28574","article-title":"Examining the readiness of the organization's security success in improving security performance","volume":"11","author":"Zuhroh","year":"2023","journal-title":"J. Comput. Secur."}],"container-title":["Frontiers in Communications and Networks"],"original-title":[],"link":[{"URL":"https:\/\/www.frontiersin.org\/articles\/10.3389\/frcmn.2025.1594554\/full","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,3]],"date-time":"2025-06-03T05:22:13Z","timestamp":1748928133000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.frontiersin.org\/articles\/10.3389\/frcmn.2025.1594554\/full"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,6,3]]},"references-count":50,"alternative-id":["10.3389\/frcmn.2025.1594554"],"URL":"https:\/\/doi.org\/10.3389\/frcmn.2025.1594554","relation":{},"ISSN":["2673-530X"],"issn-type":[{"value":"2673-530X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,6,3]]},"article-number":"1594554"}}