Análisis de prácticas de ciberseguridad en el contexto de un país en desarrollo: El rol del tamaño de empresa y la estrategia digital
Barra lateral del artículo
Contenido principal del artículo
Resumen
Las tecnologías digitales han revolucionado la forma en que las empresas operan y compiten; sin embargo, su integración en los procesos de negocio también amplifica la exposición a amenazas de ciberseguridad que podrían comprometer la integridad de los datos de la empresa y la continuidad del mercado. Por lo tanto, las prácticas de ciberseguridad se han convertido en una prioridad para asegurar las operaciones comerciales en el nuevo panorama del entorno digital. Este estudio evalúa el nivel de madurez en ciberseguridad de las empresas costarricenses, distinguiendo entre pymes y grandes empresas, con el objetivo de identificar patrones y desafíos compartidos que enfrentan para mejorar su posición en ciberseguridad en medio de los procesos de transformación digital. Además, se explora si la adopción de prácticas de ciberseguridad se explica por factores relacionados con el tamaño de la empresa y la adopción de una estrategia digital formal. Los resultados del análisis de conglomerados en una muestra de 66 empresas costarricenses sugieren que las empresas muestran diferentes niveles de madurez en ciberseguridad, y las más avanzadas sobresalen consistentemente en la participación, la concienciación y la gestión de vulnerabilidades en ciberseguridad. Además, los resultados revelan que el tamaño de la empresa y la existencia de una estrategia digital formal están estrechamente asociados con la madurez en ciberseguridad: las empresas más grandes con una estrategia digital tienden a ser líderes en ciberseguridad, mientras que la mayoría de las empresas más pequeñas de la muestra carecen de una estrategia digital formal y tienden a clasificarse como rezagadas en ciberseguridad, lo que indica su mayor vulnerabilidad a los riesgos cibernéticos. Las discrepancias identificadas revelan la necesidad de las empresas de integrar estratégicamente las consideraciones de seguridad en todos sus procesos y de adoptar enfoques de mejora estructurados y adaptativos para mitigar eficazmente las ciber-amenazas.
Detalles del artículo
La versión digital de la revista se encuentra registrada bajo la licencia Creative Commons BY-NC-ND 4.0. Por lo tanto, esta obra se puede reproducir, distribuir y comunicar públicamente sin propósitos comerciales, siempre que: 1. Se reconozca el nombre de los autores y la revista Tec Empresarial, y 2. No remezcle, transforme o haga una creación a partir del original.
Los autores conservan los derechos de autor y ceden a la revista el derecho de la primera publicación y de que pueda editarlo, reproducirlo, distribuirlo, exhibirlo y comunicarlo en el país y en el extranjero mediante medios impresos y electrónicos. Por otra parte, el autor declara asumir el compromiso sobre cualquier litigio o reclamación relacionada con derechos de propiedad intelectual, exonerando de responsabilidad a la Escuela de Administración de Empresas del Tecnológico de Costa Rica.
Citas
Abomhara, M., & Køien, G. M. (2015). Cyber security and the internet of things: vulnerabilities, threats, intruders and attacks. Journal of Cyber Security and Mobility, 4(1), 65-88. https://doi.org/10.13052/jcsm2245-1439.414
Acs, Z. J., Lafuente, E., & Szerb, L. (2022). A note on the configuration of the digital ecosystem in Latin America. TEC Empresarial, 16(1), 1-15. https://doi.org/10.18845/te.v16i1.5926
Anderberg, M.R. (1973). Cluster Analysis for Applications. Academic Press.
Bayon, M. C., Lafuente, E., & Vaillant, Y. (2016). Human capital and the decision to exploit innovative opportunity. Management Decision, 54(7), 1615-1632. https://doi.org/10.1108/MD-04-2015-0130
Benz, M., & Chatterjee, D. (2020). Calculated risk? A cybersecurity evaluation tool for SMEs. Business Horizons, 63(4), 531-540. https://doi.org/10.1016/j.bushor.2020.03.010
Bharadwaj, A., El Sawy, O. A., Pavlou, P. A., & Venkatraman, N. (2013). Digital business strategy: Toward a next generation of insights. MIS Quarterly, 37(2), 471-482. https://www.jstor.org/stable/43825919
Calinski, R.B., & Harabasz, J. (1974). A dendrite method for cluster analysis. Communications in Statistics, 3(1), 1-27. https://doi.org/10.1080/03610927408827101
Chaudhary, V., Kaushik, A., Furukawa, H., & Khosla, A. (2022). Towards 5th generation AI and IoT driven sustainable intelligent sensors based on 2D MXenes and Borophene. ECS Sensors Plus, 1, 013601. https://doi.org/10.1149/2754-2726/ac5ac6
Chaudhuri, A., Behera, R. K., & Bala, P. K. (2025). Factors impacting cybersecurity transformation: An Industry 5.0 perspective. Computers & Security, 150, 104267. https://doi.org/10.1016/j.cose.2024.104267
Clemente-Almendros, J. A., Nicoara-Popescu, D., & Pastor-Sanz, I. (2024). Digital transformation in SMEs: Understanding its determinants and size heterogeneity. Technology in Society, 77, 102483. https://doi.org/10.1016/j.techsoc.2024.102483
Dinkova, M., El-Dardiry, R., & Overvest, B. (2024). Should firms invest more in cybersecurity? Small Business Economics, 63(1), 21-50. https://doi.org/10.1007/s11187-023-00803-0
Eller, R., Alford, P., Kallmünzer, A., & Peters, M. (2020). Antecedents, consequences, and challenges of small and medium-sized enterprise digitalization. Journal of Business Research, 112, 119-127. https://doi.org/10.1016/j.jbusres.2020.03.004
Escribá-Carda, N., Redondo-Cano, A., & Escribá-Moreno, M. Ángeles. (2024). Firms’ digital transformation and e-human resource management. A qualitative approach. TEC Empresarial, 18(3), 103-128. https://doi.org/10.18845/te.v18i3.7289
Everitt, B.S. (1980). Cluster Analysis. Second edition. Heineman.
Friday, D., Melnyk, S. A., Altman, M., Harrison, N., & Ryan, S. (2024). An inductive analysis of collaborative cybersecurity management capabilities, relational antecedents and supply chain cybersecurity parameters. International Journal of Physical Distribution & Logistics Management, 54(5), 476-500. https://doi.org/10.1108/IJPDLM-01-2023-0034
Greene, W. (2003). Econometric Analysis, 5th ed. Prentice Hall.
Hasan, S., Ali, M., Kurnia, S., & Thurasamy, R. (2021). Evaluating the cyber security readiness of organizations and its influence on performance. Journal of Information Security and Applications, 58, 102726. https://doi.org/10.1016/j.jisa.2020.102726
Hasani, T., O’Reilly, N., Dehghantanha, A., Rezania, D., & Levallet, N. (2023). Evaluating the adoption of cybersecurity and its influence on organizational performance. SN Business & Economics, 3(5), 97. https://doi.org/10.1007/s43546-023-00477-6
Heiding, F., Katsikeas, S., & Lagerström, R. (2023). Research communities in cyber security vulnerability assessments: A comprehensive literature review. Computer Science Review, 48, 100551. https://doi.org/10.1016/j.cosrev.2023.100551
Herath, T., & Rao, H. R. (2009). Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness. Decision Support Systems, 47(2), 154-165. https://doi.org/10.1016/j.dss.2009.02.005
Hoong, Y., & Rezania, D. (2024). Navigating cybersecurity governance: The influence of opportunity structures in sociotechnical transitions for small and medium enterprises. Computers & Security, 142, 103852. https://doi.org/10.1016/j.cose.2024.103852
James, T., Nottingham, Q., & Kim, B. C. (2013). Determining the antecedents of digital security practices in the general public dimension. Information Technology and Management, 14, 69-89. https://doi.org/10.1007/s10799-012-0147-4
Lafuente, E., Acs, Z. J., & Szerb, L. (2024). Analysis of the digital platform economy around the world: A network DEA model for identifying policy priorities. Journal of Small Business Management, 62(2), 847-891. https://doi.org/10.1080/00472778.2022.2100895
Lafuente, E., Alonso-Ubieta, S., Leiva, J. C., & Mora-Esquivel, R. (2021). Strategic priorities and competitiveness of businesses operating in different entrepreneurial ecosystems: a benefit of the doubt (BOD) analysis. International Journal of Entrepreneurial Behavior & Research, 27(5), 1351-1377. https://doi.org/10.1108/IJEBR-06-2020-0425
Lafuente, E., Araya, M., & Leiva, J. C. (2022). Assessment of local competitiveness: A composite indicator analysis of Costa Rican counties using the ‘Benefit of the Doubt’ model. Socio-Economic Planning Sciences, 81, 100864. https://doi.org/10.1016/j.seps.2020.100864
Lafuente, E., Bayo-Moriones, A., & García-Cestona, M. (2010). ISO-9000 certification and ownership structure: Effects upon firm performance. British Journal of Management, 21(3), 649-665. https://doi.org/10.1111/j.1467-8551.2009.00660.x
Lafuente, E., & Sallan, J. M. (2024). Digitally powered solution delivery: The use of IoT and AI for transitioning towards a solution business model. International Journal of Production Economics, 277, 109383. https://doi.org/10.1016/j.ijpe.2024.109383
Lafuente, E., Solano, A., Leiva, J. C., & Mora-Esquivel, R. (2019). Determinants of innovation performance: Exploring the role of organisational learning capability in knowledge-intensive business services (KIBS) firms. ARLA-Academia Revista Latinoamericana de Administración, 32(1), 40-62. https://doi.org/10.1108/ARLA-10-2017-0309
Lafuente, E., Szerb, L., & Rideg, A. (2020). A system dynamics approach for assessing SMEs’ competitiveness. Journal of Small Business and Enterprise Development, 27(4), 555-578. https://doi.org/10.1108/JSBED-06-2019-0204
Lafuente, E., Vaillant, Y., & Leiva, J.C. (2018). Sustainable and traditional product innovation without scale and experience, but only for KIBS!. Sustainability, 10(4), 1169. https://doi.org/10.3390/su10041169
Lafuente, E., Vaillant, Y., & Rabetino, R. (2023). Digital disruption of optimal co-innovation configurations. Technovation, 125, 102772. https://doi.org/10.1016/j.technovation.2023.102772
Lederer, M., Schott, P., Huber, S., & Kurz, M. (2013). Strategic business process analysis: A procedure model to align business strategy with business process analysis methods. In: Fischer, H., Schneeberger, J. (eds) S-BPM ONE - Running Processes. S-BPM ONE 2013. Communications in Computer and Information Science, vol 360. Springer. https://doi.org/10.1007/978-3-642-36754-0_16
Li, L., He, W., Xu, L., Ash, I., Anwar, M., & Yuan, X. (2019). Investigating the impact of cybersecurity policy awareness on employees’ cybersecurity behavior. International Journal of Information Management, 45, 13-24. https://doi.org/10.1016/j.ijinfomgt.2018.10.017
Li, L., Xu, L., & He, W. (2022). The effects of antecedents and mediating factors on cybersecurity protection behavior. Computers in Human Behavior Reports, 5, 100165. https://doi.org/10.1016/j.chbr.2021.100165
Long, J.S. (1997). Regression Models for Categorical and Limited Dependent Variables. Sage Publications. Melville, N., Kraemer, K., & Gurbaxani, V. (2004). Information technology and organizational performance: An integrative model of IT business value. MIS Quarterly, 28(2), 283-322. https://doi.org/10.2307/25148636
Mora-Esquivel, R., & Leiva, J.C. (2025). The role of digital service innovation strategy on SME performance: an international study. Journal of Enterprise Information Management. https://doi.org/10.1108/JEIM-02-2024-0099
Neri, M., Niccolini, F., & Martino, L. (2024). Organizational cybersecurity readiness in the ICT sector: a quanti-qualitative assessment. Information & Computer Security, 32(1), 38-52. https://doi.org/10.1108/ICS-05-2023-0084
OECD (2017). Key issues for digital transformation in the G20. OECD Publishing. https://www.oecd.org/g20/key-issues-fordigital-transformation-in-the-g20.pdf
OECD (2024). New perspectives on measuring cybersecurity. OECD Digital Economy Papers, No. 366. https://www.oecd.org/en/publications/new-perspectives-on-measuring-cybersecurity_b1e31997-en.html
Porter, M. E., & Heppelmann, J. E. (2014). How smart, connected products are transforming competition. Harvard Business Review, 92(11), 64-88. https://dialnet.unirioja.es/servlet/articulo?codigo=5544175
Rabetino, R., Kohtamäki, M., Foss, N. J., Rahman, N., & Huikkola, T. (2025). Microfoundations for business model innovation: Exploring the interplay between individuals, practices, and organizational design. Journal of Product Innovation Management, in press, https://doi.org/10.1111/jpim.12784
Rojas-Segura, J., Faith-Vargas, M., & Martínez-Villavicencio, J. (2023). Conceptualizing digital transformation using semantic decomposition. TEC Empresarial, 17(3), 63-75. https://doi.org/10.18845/te.v17i3.6850
Tam, T., Rao, A., & Hall, J. (2021). The good, the bad and the missing: A narrative review of cyber-security implications for Australian small businesses. Computers & Security, 109, 102385. https://doi.org/10.1016/j.cose.2021.102385
Teece, D.J. (2018). Dynamic capabilities as (workable) management systems theory. Journal of Management & Organization, 24(3), 359-368. https://doi.org/10.1017/jmo.2017.75
Vaillant, Y., & Lafuente, E. (2024). Digital versus non-digital servitization for environmental and non-financial performance benefits. Journal of Cleaner Production, 450, 142078. https://doi.org/10.1016/j.jclepro.2024.142078
Vaillant, Y., Lafuente, E., & Vendrell-Herrero, F. (2025). AI platforms as cooperation enablers favoring the development of strategic situating capabilities within solution delivery ecosystems. Journal of Product Innovation Management https://doi.org/10.1111/jpim.12807
Verhoef, P. C., Broekhuizen, T., Bart, Y., Bhattacharya, A., Dong, J. Q., Fabian, N., & Haenlein, M. (2021). Digital transformation: A multidisciplinary reflection and research agenda. Journal of Business Research, 122, 889-901. https://doi.org/10.1016/j.jbusres.2019.09.022
Vroom, C., & Von Solms, R. (2004). Towards information security behavioural compliance. Computers & Security, 23(3), 191-198. https://doi.org/10.1016/j.cose.2004.01.012
Wilson, M., McDonald, S., Button, D., & McGarry, K. (2023). It won’t happen to me: surveying SME attitudes to cyber-security. Journal of Computer Information Systems, 63(2), 397-409. https://doi.org/10.1080/08874417.2022.2067791
Wong, L. W., Lee, V. H., Tan, G. W. H., Ooi, K. B., & Sohal, A. (2022). The role of cybersecurity and policy awareness in shifting employee compliance attitudes: Building supply chain capabilities. International Journal of Information Management, 66, 102520. https://doi.org/10.1016/j.ijinfomgt.2022.102520