Classification of cyber risks in accounting

Volodymyr Muravskyi, Nataliia Pochynok, Volodymyr Farion


Introduction. The complexity of information processes in accounting and the improvement of computer and communication technologies led to the variation of accounting information cyber threats. The traditional classification of cyber threats does not include the multifaceted nature of accounting, and therefore is uninformative for the purposes of organizing effective cybersecurity of enterprises.

Purpose. The main aim is to improve the classification of cyber risks through the generalization and systematization of cyber threats relevant to accounting information.

Methods. In the process of the systematization of variable cyber threats in accounting, general scientific empirical, logical and historical methods of cognition of socio-economic processes were used. The article is based on general methods of research of socio- economic information from the standpoint of accounting and cybersecurity. The information basis of scientific research is historical resources about the cyber threats classification, scientific works of domestic and foreign scientists about dividing threats of accounting into types.

Results. It is proved that effective cyberprotection of enterprises requires prompt and adaptive consideration of variable cyber threats in accounting. The classification of cyber threats of accounting information has been improved by distinguishing classification criteria: randomness, purposefulness, information and financial interest, territoriality, source, origin, objectivity, objectivity, scale, form of implementation, criminality, aspect, prolongation, latency, and probability. The importance of using the above classification of cyber risks, which comprehensively characterizes the cyber threats of accounting information, for the purposes of developing measures to prevent, avoid and eliminate potential consequences.

Discussion. It is important to improve the classification of accounting information users   for organize the enterprises cybersecurity, which requires further research and development of an actions set to ensure cyberprotection of the accounting system.

Ключові слова

accounting; cybersecurity; classification of cyber threats; cyber risks of accounting information

Повний текст:



The 2019 Kearney Global Services Location Index. Digital resonance: the new factor influencing location attractiveness. URL: transformation/gsli/2019-full-report.

Main incidents in the EU and worldwide. ENISA Threat Landscape. URL: https:// review-folder/etl-2020-main-incidents [In English].

Schmitt Michael. (2012). Classification of Cyber Conflict. Journal of Conflict and Security Law. 17 (2). 245-260. 10.1093/jcsl/krs018 [In English].

Steingartner William & Galinec Darko. (2021). Cyber Threats and Cyber Deception in Hybrid Warfare. Acta Polytechnica Hungarica. 18. 25-45. 10.12700/ APH.18.3.2021.3.2 [In English].

Mustafa, Nasir. (2020). Cyber Risk and Covid-19: Managing Cyber Risks Arising From The Pandemic. Brighttalk Webinar Series. Project: Coronavirus CoV-19 to CoV-20 Pro. 10.13140/RG.2.2.12218.82886 [In English].

Asieieva, Yu. (2020). Problem questions of cyber-addictions classification. Psychology and Personality. 2. 23-40. 10.33989/2226-4078.2020.2.211910 [In English].

Sheehan Barry, Murphy Finbarr, Kia Arash & Kiely Ronan. (2021). A quantitative bow-tie cyber risk classification and assessment framework. Journal of Risk Research. 1-20. 10.1080/13669877.2021.1900337 [In English].

Prakash Febin, Baskar Kala & Sadawarti Harsh. (2019). Cyber Crime: Challenges and its Classification. International Multi-disciplinary Academic Research Conference (IMARC-2019). 2–4 [In English].

Haque Md, Haque Shameemul, Kumar Kailash & Singh Narendra. (2021). A Comprehensive Study of Cyber Security Attacks, Classification, and Countermeasures in the Internet of Things. 63-90. 10.4018/978-1-7998-4201-9. ch004 [In English].

Baranenko R.V. (2021). Cyber attacks as a form of cyber terrorism. Scientific notes of Taurida National V.I. Vernadsky University. Series: Technical Sciences. 1. 45-50. 10.32838/2663-5941/2021.1-1/07 [In English].

Shpak V.A. Orhanizatsiia zakhystu oblikovoi informatsii [Orhanizatsiia zakhystu oblikovoi informatsii]. Bukhhalterskyi oblik, analiz ta audyt: problemy teorii, metodolohii, orhanizatsii – Accounting, analysis and audit: problems of theory, methodology, organization. 2015. 2. 181-187. URL : boaa_2015_2_27 [In Ukrainian].

Lee GyungMin, Shim ShinWoo, Cho ByoungMo, Kim TaeKyu & Kim Kyounggon. (2020). The Classification Model of Fileless Cyber Attacks. Journal of KIISE. 47. 454-465. 10.5626/JOK.2020.47.5.454 [In English].

Viter S. A., Svitlyshyn I. I. (2017). Zakhyst oblikovoi informatsii ta kiberbezpeka pidpryiemstva [Protection of accounting information and cybersecurity of the enterprise]. Ekonomika ta suspilstvo : elektronne naukove fakhove vydannia – Economy and society: electronic scientific professional publication. 11. 497–502 [In Ukrainian].

Rozheliuk V.M. (2013). Zakhody zabezpechennia zakhystu oblikovoi informatsii [Measures to ensure the protection of accounting information]. Bukhhalterskyi oblik, analiz ta audyt: problemy teorii, metodolohii, orhanizatsii – Accounting, analysis and audit: problems of theory, methodology, organization. K.: PP «Ruta», 335-340 [In Ukrainian].

Strupczewski, Grzegorz. (2021). Defining cyber risk. Safety Science. 6. 135. 10.1016/j.ssci.2020.105143 [In English].

Denha S. M., Veryha Yu. O. (2004). Zakhyst informatsii v komp`yuternykh informatsiinykh systemakh bukhhalterskoho obliku [Information protection in computer information systems of accounting]. Bukhhalterskyi oblik i audyt – Accounting and auditing. 5. 59-65 [In Ukrainian].

Zinkevich V., Shtatov D. (2007). Informacionnye riski: analiz i kolichestvennaja ocenk [Information risks: analysis and quantitative assessment]. Buhgalterija i banki – Accounting and banks. 1. 50–55 [In Russian].

Zakon Ukrainy «Pro osnovni zasady zabezpechennia kiberbezpeky Ukrainy» [Law of Ukraine «On Basic Principles of Cyber Security of Ukraine»]. вOctober 5, 2017. № 2163-VIII. URL: [In Ukrainian].

Volosovych S., Klapkiv L. (2018). Determinanty vynyknennia ta realizatsii kiberryzykiv [Determinants of the origin and implementation of cyber risks]. Zovnishnia torhivlia: ekonomika, finansy, pravo – Foreign trade: economics, finance, law. 3. 101–115. URL: [In Ukrainian].

Pidsumky 2018 roku v tsyfrakh [Results of 2018 in figures]. URL: https://cyberpolice. [In Ukrainian].

Tsimperidis Ioannis, Yucel Cagatay, Katos Vasilios. (2021). Age and Gender as Cyber Attribution Features in Keystroke Dynamic-Based User Classification Processes. Electronics. 10. 835. 10.3390/electronics10070835 [In English].

Zadorozhnyi Z.-M., Muravskyi V., Shevchuk О. and Muravskyi V. (2020). The accounting system as the basis for organising enterprise cybersecurity. Financial and credit activity: problems of theory and practice. 3. 147-156. 10.18371/fcaptp. v3i34.215462 [In English].



  • Поки немає зовнішніх посилань.