The investment component of project-oriented information security management for small and medium enterprises on the path to the EU digital market
|
Title: |
The investment component of project-oriented information security management for small and medium enterprises on the path to the EU digital market |
|
Authors: |
Sorokivska, Olena |
|
Affiliation: |
Ternopil Ivan Puluj National Technical University, 56 Ruska str., Ternopil, 46001, Ukraine |
|
Bibliographic description (International): |
Sorokivska, O., Kinal, N. & Stefaniv, R. (2026) The investment component of project-oriented information security management for small and medium enterprises on the path to the EU digital market. Socio-Economic Problems and the State (electronic journal), Vol. 34, no. 1, pp. 71-82. URL: http://sepd.tntu.edu.ua/images/stories/pdf/2026/26soaedm.pdf |
|
Journal/Collection: |
Scientific Journal "Socio-Economic Problems and the State" |
|
Issue: |
1(34) |
|
Issue Date: |
May-2026 |
|
Submitted date: |
Feb-2026 |
|
Date of entry: |
17-Jun-2026 |
|
Publisher: |
Ternopil Ivan Puluj National Technical University |
|
Country (code): |
UA |
|
Place of the edition/event: |
Ternopil |
|
ORCID Id: |
https://orcid.org/0000-0001-8549-2910 |
|
DOI: |
https://doi.org/10.33108/sepd2026.01.071 |
|
UDC: |
330.341:004.738.5 |
|
JEL: |
L86 |
|
Keywords: |
ROSI |
|
Page range: |
71-82 |
|
Start page: |
71 |
|
End page: |
82 |
|
Abstract: |
The article examines the investment dimension of project-oriented information security management in small and medium-sized enterprises (SMEs) within the context of integration into the European Union’s digital market. It substantiates that the entry of Ukrainian SMEs into the EU Digital Single Market is accompanied by a dual challenge: the need for accelerated digital transformation of business processes and the simultaneous alignment of risk management systems with the requirements of the European regulatory framework. It is argued that information security is no longer a supporting IT function but has evolved into a strategic determinant of competitiveness and market access. The study analyzes the impact of key EU regulatory acts – particularly the General Data Protection Regulation (GDPR) and the NIS2 Directive – on shaping cybersecurity and resilience requirements for enterprises engaged in cross-border activities. It is demonstrated that compliance in the areas of personal data protection and cybersecurity functions not only as a regulatory obligation but also as an economic prerequisite for participation in digital supply chains, access to investment, and the conclusion of contracts with European partners. The methodological framework combines instruments of investment management with a project-based approach to information security governance. The study proposes the application of the Annual Loss Expectancy (ALE) indicator and the Return on Security Investment (ROSI) metric to provide a quantitative justification for cybersecurity investments under conditions of limited financial resources typical for SMEs. Furthermore, a modified Net Benefit (NB) model is developed by incorporating the concept of Market Access Value (ΔMAV). This extended model captures not only the financial effect of risk mitigation and avoided penalties but also the additional marginal revenue generated through compliance-driven access to the EU market. Based on a hypothetical financial scenario, the analysis demonstrates that even when ROSI is negative in the short term, investments in information security become economically justified in the medium term. When ΔMAV is incorporated into the assessment, such projects may generate positive financial returns within the first years of implementation. The paper also substantiates that a low level of information security creates regulatory, financial, reputational, and supply-chain barriers that significantly hinder the entry of Ukrainian SMEs into the EU digital market. In conclusion, the transformation of information security management from a cost-based perception to an investment-oriented model is identified as a necessary condition for ensuring business resilience, competitiveness, and successful integration of Ukrainian SMEs into the European digital economic space. The proposed methodological approach can serve as a practical analytical tool for strategic cybersecurity budgeting and investment decision-making in the process of European economic integration. |
|
Sponsorship: |
The authors received no direct funding for this research. |
|
URI: |
http://elartu.tntu.edu.ua/handle/lib/52482 |
|
ISSN: |
2223-3822 |
|
Copyright owner: |
Scientific Journal "Socio-Economic Problems and the State" |
|
URL for reference material: |
http://sepd.tntu.edu.ua/images/stories/pdf/2026/26soaedm.pdf |
|
References (International): |
1. Markowitz H. M. Portfolio Selection. The Journal of Finance. 1952. Vol. 7, No. 1. P. 77–91. DOI: https://doi.org/10.1111/j.1540-6261.1952.tb01525.x |
|
Content type: |
Article |
|
Appears in Collections: |
Scientific Journal "Socio-Economic Problems and the State", Vol.34, No.1 |
| < Prev | Next > |
|---|









