Another issue of scientific journal Vol.34 No.1 2026 has been published

Ukrainian (UA)English (United Kingdom)

Other Categories

Вхід / реєстрація



Votes

How did you find on our site?
 

The investment component of project-oriented information security management for small and medium enterprises on the path to the EU digital market

Title: 


The investment component of project-oriented information security management for small and medium enterprises on the path to the EU digital market


Authors: 


Sorokivska, Olena
Kinal, Nazar
Stefaniv, Ruslan


Affiliation: 


Ternopil Ivan Puluj National Technical University, 56 Ruska str., Ternopil, 46001, Ukraine


Bibliographic description (International): 


Sorokivska, O., Kinal, N. & Stefaniv, R. (2026) The investment component of project-oriented information security management for small and medium enterprises on the path to the EU digital market. Socio-Economic Problems and the State (electronic journal), Vol. 34, no. 1, pp. 71-82. URL: http://sepd.tntu.edu.ua/images/stories/pdf/2026/26soaedm.pdf


Journal/Collection: 


Scientific Journal "Socio-Economic Problems and the State"


Issue: 


1(34)


Issue Date: 


May-2026


Submitted date: 


Feb-2026


Date of entry: 


17-Jun-2026


Publisher: 


Ternopil Ivan Puluj National Technical University


Country (code): 


UA


Place of the edition/event: 


Ternopil


ORCID Id: 


https://orcid.org/0000-0001-8549-2910
https://orcid.org/0009-0003-7980-2101
https://orcid.org/0009-0002-2129-3454


DOI: 


https://doi.org/10.33108/sepd2026.01.071


UDC: 


330.341:004.738.5


JEL: 


L86
G32
M15


Keywords: 


ROSI
investment management
information security
SMEs
project-oriented management
digital transformation
EU market


Page range: 


71-82


Start page: 


71


End page: 


82


Abstract: 


The article examines the investment dimension of project-oriented information security management in small and medium-sized enterprises (SMEs) within the context of integration into the European Union’s digital market. It substantiates that the entry of Ukrainian SMEs into the EU Digital Single Market is accompanied by a dual challenge: the need for accelerated digital transformation of business processes and the simultaneous alignment of risk management systems with the requirements of the European regulatory framework. It is argued that information security is no longer a supporting IT function but has evolved into a strategic determinant of competitiveness and market access. The study analyzes the impact of key EU regulatory acts – particularly the General Data Protection Regulation (GDPR) and the NIS2 Directive – on shaping cybersecurity and resilience requirements for enterprises engaged in cross-border activities. It is demonstrated that compliance in the areas of personal data protection and cybersecurity functions not only as a regulatory obligation but also as an economic prerequisite for participation in digital supply chains, access to investment, and the conclusion of contracts with European partners. The methodological framework combines instruments of investment management with a project-based approach to information security governance. The study proposes the application of the Annual Loss Expectancy (ALE) indicator and the Return on Security Investment (ROSI) metric to provide a quantitative justification for cybersecurity investments under conditions of limited financial resources typical for SMEs. Furthermore, a modified Net Benefit (NB) model is developed by incorporating the concept of Market Access Value (ΔMAV). This extended model captures not only the financial effect of risk mitigation and avoided penalties but also the additional marginal revenue generated through compliance-driven access to the EU market. Based on a hypothetical financial scenario, the analysis demonstrates that even when ROSI is negative in the short term, investments in information security become economically justified in the medium term. When ΔMAV is incorporated into the assessment, such projects may generate positive financial returns within the first years of implementation. The paper also substantiates that a low level of information security creates regulatory, financial, reputational, and supply-chain barriers that significantly hinder the entry of Ukrainian SMEs into the EU digital market. In conclusion, the transformation of information security management from a cost-based perception to an investment-oriented model is identified as a necessary condition for ensuring business resilience, competitiveness, and successful integration of Ukrainian SMEs into the European digital economic space. The proposed methodological approach can serve as a practical analytical tool for strategic cybersecurity budgeting and investment decision-making in the process of European economic integration.


Sponsorship: 


The authors received no direct funding for this research.


URI: 


http://elartu.tntu.edu.ua/handle/lib/52482


ISSN: 


2223-3822


Copyright owner: 


Scientific Journal "Socio-Economic Problems and the State"


URL for reference material: 


http://sepd.tntu.edu.ua/images/stories/pdf/2026/26soaedm.pdf
https://doi.org/10.1111/j.1540-6261.1952.tb01525.x
https://doi.org/10.2307/2977928
https://www.verizon.com/business/resources/reports/dbir/
https://zipdo.co/
https://www.enisa.europa.eu/
https://zakon.rada.gov.ua/laws/show/984_008-16#Text
https://zakon.rada.gov.ua/laws/show/9a3_001-22#Text
https://digital-strategy.ec.europa.eu/en/policies/digital-services-act
https://digital-markets-act.ec.europa.eu/index_en
https://digital-strategy.ec.europa.eu/en/policies/data-act
https://digital-strategy.ec.europa.eu/en/policies/desi
https://doi.org/10.1007/978-3-032-10477-9_16
https://www.sangfor.com/blog/cybersecurity/data-breach-cost-2025
https://www.totalassure.com/blog/cyber-attacks-on-small-businesses-statistics-2025


References (International): 


1. Markowitz H. M. Portfolio Selection. The Journal of Finance. 1952. Vol. 7, No. 1. P. 77–91. DOI: https://doi.org/10.1111/j.1540-6261.1952.tb01525.x
2. Sharpe W. F. Capital Asset Prices: A Theory of Market Equilibrium under Conditions of Risk. The Journal of Finance. 1964. Vol. 19, No. 3. P. 425–442. DOI: https://doi.org/10.2307/2977928
3. Kerzner H. Project Management: A Systems Approach to Planning, Scheduling, and Controlling. 13th ed. Hoboken, NJ : John Wiley & Sons, 2022.
4. Humphrey W. S. Managing Technical People: Innovation, Teamwork, and the Software Process. Reading, MA : Addison-Wesley, 1997.
5. Verizon. 2025 Data Breach Investigations Report. URL: https://www.verizon.com/business/resources/reports/dbir/ (accessed: 18.01.2026).
6. ZipDo Education Reports 2026. Small Business Cyber Security Statistics. URL: https://zipdo.co/ (accessed: 20.01.2026).
7. ENISA. Cybersecurity Threat Landscape for SMEs. URL: https://www.enisa.europa.eu/ (accessed: 22.01.2026).
8. Uhoda mizh Ukrainoiu ta Yevropeiskym Soiuzom pro uchast Ukrainy u prohrami «Tsyfrova Yevropa» [Agreement between Ukraine and the European Union on Ukraine’s participation in the Digital Europe Programme]. URL: https://zakon.rada.gov.ua/laws/show/984_008-16#Text (accessed: 24.01.2026).
9. Dyrektyva Yevropeiskoho Parlamentu i Rady (IeS) 2022/2555 vid 14 hrudnia 2022 roku [Directive of the European Parliament and of the Council (EU) 2022/2555 of 14 December 2022]. URL: https://zakon.rada.gov.ua/laws/show/9a3_001-22#Text (accessed: 24.02.2026).
10. Digital Services Act. URL: https://digital-strategy.ec.europa.eu/en/policies/digital-services-act (accessed: 30.01.2026).
11. Digital Markets Act. URL: https://digital-markets-act.ec.europa.eu/index_en (accessed: 10.02.2026).
12. Data Act. URL: https://digital-strategy.ec.europa.eu/en/policies/data-act (accessed: 10.02.2026).
13. Digital Economy and Society Index (DESI). URL: https://digital-strategy.ec.europa.eu/en/policies/desi (accessed: 12.02.2026).
14. Strutynska I., Kozbur H., Melnyk L., Dmytrotsa L., Sorokivska O. Bridging the Digital Divide: A Tailored Digital Maturity Model for SME Transformation // Ermolayev V. et al. (eds.). Information and Communication Technologies in Education, Research, and Industrial Applications. ICTERI 2025. Communications in Computer and Information Science. Vol. 2763. Cham : Springer, 2025. DOI: https://doi.org/10.1007/978-3-032-10477-9_16
15. How Much Will a Data Breach Cost in 2025? | Cybersecurity Insights. URL: https://www.sangfor.com/blog/cybersecurity/data-breach-cost-2025 (accessed: 14.02.2026).
16. Cybersecurity Statistics For Small Businesses 2025. URL: https://www.totalassure.com/blog/cyber-attacks-on-small-businesses-statistics-2025 (accessed: 14.02.2026).


Content type: 


Article


Appears in Collections:


Scientific Journal "Socio-Economic Problems and the State", Vol.34, No.1

pdf


 

Journal is indexed by:

google_scholar
elartu_en
wiki_en
pbn
Пошук у EBSCO