Journal of Business Management & Change Summer 2020

JBMC

Journal of Business Management & Change Summer 2020

A Publication of the WBM Conference Series Edited by Emin Ozkan, Ph.D

JBMC

The Journal of Business Management and Change is a publication of the WBM Conference series focusing on leading- edge research on the Business and Management Disciplines http://www.wbmconference.net

Journal of Business Management & Change Summer 2020

Library of Congress ISSN: 1967-6839

Cover Photo:

San Francisco in Abstract

J B M C I N D E X / S P R I N G 2 0 2 0

Papers Pages

Cocoa’s Bittersweet Supply Chain 3 - 15 Lisa M Spencer, Ph.D.

Financial Performance of Socially Responsible Companies 16 – 29 Tzu-Man Huang, Ph.D; David Zhu, Ph.D; & Sijing Zong, Ph.D

Determining if there is a Relationship between How Much Time a Faculty 30 – 40 Member Spends Assessing Student Assignments and Final Grades at a Rural University: A One Year Analysis Gary F. Keller, Ph.D & Allen Klingenberg, Ph.D

Cybersecurity, Ethics, best Practices, & Risk Management in Small Businesses 41 – 63 and New Ventures: A Research Review, Organization & Management Sumeet Jhamb, Ph.D & Agnes Tobey

Cocoa’s Bittersweet Supply Chain

Lisa M. Spencer Craig School of Business California State University, Fresno

Abstract

Despite well-intentioned programs and sizeable investments by major players in the global chocolate industry, the West African cocoa supply chain is still plagued by child labor, deforestation, poorly executed certification programs, and difficulties tracing cocoa beans back to the farms from which they came. A variety of solutions are touted to offer hope in addressing these endemic problems. Digital payment systems are among the most promising, providing benefits to farmers and increasing traceability within the supply chain.

Keywords: Cocoa, West Africa, chocolate industry, supply chain management, sustainability, child labor, ethics, digital transactions, traceability

INTRODUCTION

Once asked how important cocoa is to those living in Ivory Coast, government representative N’Zi Kanga Remi replied, “It doesn’t make sense to ask an Ivorian what cocoa means to him! It means everything! It’s his first source of income! My education was funded by cocoa! Our houses are built with cocoa! The foundations of our roads, our schools, our hospitals is cocoa! Our government runs on cocoa! All our policy focuses on sustaining cocoa!” (Whoriskey & Siegel, 2019) Two decades ago leaders in the chocolate industry, representing companies like Nestle, Mars, and Hershey, vowed to improve their cocoa supply chains in West Africa, where most of the world’s cocoa originates. At the top of the list was the lofty but admirable goal of eliminating child labor so the roughly two million children working on cocoa farms could instead be in school. Other more recent objectives included halting deforestation, teaching farmers better growing practices, and improving life in cocoa communities. Despite great effort, much of the chocolate eaten by consumers in the developed world still starts in the hands of child laborers. Large expenditures by chocolate companies did not rid supply chains of underage workers, and evidence suggests that in some areas the problem has grown even worse. Chocolate companies still struggle to trace their supply chains back to the individual farms that produced the beans they purchase. Without traceability, it is hard to know if child labor was used or not. Even when the beans are traceable, certifying that beans are free from child labor is problematic for other reasons. Extreme poverty in cocoa producing nations generates endemic challenges that are not easily overcome. (Whoriskey & Siegel, 2019) The crux of the problem is that too many West Africans depend on cocoa for their livelihood, and too few global consumers are willing to pay more for their chocolate.

COCOA INDUSTRY OVERVIEW

The global chocolate industry generates sales of over $107 billion a year with strong growth forecast for the next five years. Major players include Nestle, Mars, Hershey, Mondelez, and Godiva, as well as numerous niche companies. All of these chocolate companies rely on a steady supply of cocoa grown mainly in developing countries. (Odijie, 2019) About sixty percent of the world’s cocoa comes from West Africa, home to about two million cocoa farms, with most grown in Ivory Coast and Ghana. Ivory Coast holds the biggest share at 30 percent, and cocoa is its number one export. Cocoa is Ghana’s third largest export, following gold and crude oil. Significant amounts of cocoa also come from Ecuador, Cameroon, Nigeria, Indonesia, Brazil, Mexico, and Peru. (Wexler, 2019) Worldwide, about 4.85 million tons of cocoa was processed for the 2018-2019 growing season which ended in September, making it the largest crop on record since 1960. Cocoa’s performance in commodity markets has been strong, and the 2019-2020 harvest looks promising as sufficient rain in West Africa erased worries of a dry season. (Wallace, 2019) Price per metric ton varied in recent years from $1,800 in 2017 to over $3,250 in the 2015-2016 season. At the beginning of 2020, it stood at $2,500 per metric ton. (Wexler, 2019)

COCOA SUPPLY CHAIN

In West Africa, about two million farmers and their families grow cocoa trees in fields and dry the beans after harvest. October marks the beginning of the main harvest season. Yellow cocoa pods are cut from the trees and split open with machetes, and the pulpy beans are removed. They are laid out on chicken wire or reed trays to dry, becoming darker as they ferment. Once dry, they are measured into jute sacks and travel to cocoa processing facilities in the United States and Europe. (Ryan, 2019) Individual farmers sell cocoa beans in 140 pound sacks to local middlemen who aggregate beans from surrounding communities. The price paid to farmers is set by the government. Middlemen then sell the beans to the government which makes them available to cocoa processors. Processors convert the beans into cocoa powder or cocoa butter for use in many food products. Chocolate companies like Hershey and Mars then buy the cocoa products for use in their candies. (Wexler, 2019)

LIFE OF WEST AFRICAN COCOA FARMERS

Poverty is a root problem of many of the day-to-day struggles of West African farmers, and for a variety of reasons, some are worse off now than in the 1970’s and 1980’s. Endemic issues cause stubborn problems in the supply chain that are difficult for chocolate companies to solve even when large amounts of money are spent. (Odijie, 2019) Sources such as World Bank and Fairtrade, a cocoa certification entity, report the small West African farmer’s cocoa income at $1,900 to $2,000 a year. Describing it another way, a World Bank report found that 80 percent of cocoa farmers in West Africa live on less than $3/day. (Wexler, 2019) Another report suggests that a typical farmer earns about $0.78 per day from cocoa farming, about enough to purchase one Kit Kat bar. (Adams, 2019) More income may come from other sources, such as farming other types of crops or perhaps from earning slightly more from the cocoa itself. (Ryan, 2019) While cocoa prices move up and down in world markets, daily living expenses for farmers seem to only increase, as does the cost of running their farms. Chemicals, equipment, and labor make up the biggest expenses. (Wexler, 2019) Most West African farms are small, ranging between five to 12 acres, and lack modern farm equipment and practices. Some farmers are sharecroppers, keeping about a third of the crop’s value and turning the rest over to landlords. (Ryan, 2019) In rural areas, many residents lack electricity, and some villages do not have a water pump or safe sanitation practices. (Adams, 2019) UNESCO cites the Ivorian literacy rate around 44 percent. Living in such extreme poverty makes it hard for parents to pay school fees for their children. Instead it often requires the work of the whole family to grow the cocoa. (Whoriskey & Siegle, 2019)

PROBLEMS AND SUSTAINABILITY ISSUES

There are two main issues that sustainability programs initiated by chocolate companies, West African governments, and private organizations are working to address: deforestation and the use of child labor. In addition, programs often seek to help farmers learn better farming techniques and to raise the quality of life in cocoa communities.

Deforestation

Tropical forestland is required to grow cocoa, but farmers are no longer allowed to expand into new areas. In the past, new farmland was carved out of the forests using a slash and burn approach. When existing farmland grew infertile, new forested areas were cut down, burned, and planted with cocoa. New farmland was richer and less troubled by disease or pests; thus, it yielded more cocoa at a lower cost. Whereas there were nearly 40 million acres of forest in Ivory Coast in 1960, by 2005 there were fewer than five million. (Odijie, 2019) One problem is that in Ivory Coast, for instance, as much as 500,000 tons of cocoa, equating to 18.5% of the country’s total production, is farmed illegally in protected forest areas. (George, 2020) For farmers who opt to produce legally, by contrast, no new land is available, so they have to rework their existing plots of land. Rework requires more labor, fertilizers, and pesticides, and if therefore much more expensive than moving to new areas. In fact, it costs about twice as much now to replant as in the past, and the process can take up to three times as long. Unfortunately, farmers cannot pass their increased costs along to the middlemen who buy their beans, since the beans are sold at a fixed price. Because of this, farmers’ living standards have decreased over the recent decades. (Odijie, 2019) A different approach was tried in Ghana. There, the government’s cocoa marketing board (COCOBOD) implemented a spraying program to fight pests and diseases, subsidized the cost of fertilizers, and received some support from multinationals. Farmers did not become poorer, but the cocoa board finds itself deeply in debt. (Odijie, 2019) As farmers try to keep their tiny farms profitable throughout West Africa, they often turn to child labor. Thus, some of the deforestation “solutions” have actually spurred on the other and arguably greater problem, the use of child labor.

Child labor

Endemic and with no easy solution, child labor keeps the cocoa farms going. Research from the U.S. Labor Department indicates about two million children are employed in West African cocoa farms, a figure many say has risen over the years despite all the money and effort from the global chocolate industry and regional governments. Most of these children are working on their families’ farms, helping make ends meet by providing much needed labor. However, the work they do is often dangerous, such as using machetes to cut down and split open the cocoa pods, spraying chemicals, or carrying hundred-pound bags of cocoa beans. In addition, “bosses” traffic in other children from Burkina Faso, which lies to the north of Ivory Coast and Ghana. A 2018 study by a Tulane University researcher suggests there may be as many as 16,000 of these children in Ivory Coast alone. An open border agreement between Ivory Coast and neighboring countries resulted in as many as 1.3 million people from Burkina Faso and 360,000 from Mali crossing over to a country which, poor as it is, represents a hope of something better than the even more destitute situations in their homelands. (Whoriskey & Siegle, 2019) While children of the farmers may forego some or all of their schooling to participate in the cocoa fields, for migrant children the situation is far graver. Living far from home, not attending school, and often not allowed to leave to see their families, they spend their days doing arduous work in the cocoa fields and their nights sleeping in huts in the woods. Some children say they have been threatened or been physically harmed by the bosses. (Whoriskey & Siegle, 2019) The parents of the trafficked children may initially be paid a few hundred dollars to allow the bosses to take them to neighboring counties to work the cocoa fields. Sometimes the children themselves are enticed with money or other things, such as bicycles, which they may not ever actually receive. Bosses are paid around nine dollars a week per child employed by an Ivorian farmer. The child may see about half of that, meaning he is working for less than a dollar a day. (Whoriskey & Siegle, 2019) “There is no money in Burkina…We came here to be able to have some money to eat,” explained one young worker. (Whoriskey & Siegle, 2019) The children may be as young as ten or 11. It is hard to know for sure, because no records exist for as many as forty percent of babies born in Burkina Faso. As a result, many children lack identification documents. (Whoriskey & Siegle, 2019) Nick Weatherill, head of International Cocoa Initiative, which seeks to eliminate child labor, verifies that the “compulsion to migrate is often driven by conditions of hardship where they live.” (Whoriskey, October 23, 2019) While it is illegal in Ivory Coast to employ these trafficked children, it is commonplace none-the-less. In July 2019, the governments of Ivory Coast and Burkina Faso created new policy allowing Ivorian officials to return children coming into the country unaccompanied to work on cocoa farms. As of October of 2019, some incoming busses have been turned around and the children on them returned home. (Whoriskey, October 23, 2019) Although Mars, Hershey, and Nestle promised to stop using child labor nearly twenty years ago, the problem persists, with no simple solutions in sight. To provide for their families, most farmers need their children to help out with the cocoa chores, even if they do attend school during the day. Trafficked children may provide much of the remainder of the labor needed to keep many of the farms going. (Adams, 2019)

SUPPLY CHAIN OVERSIGHT

Harkin-Engel Protocol

In 2001, the U.S. Congress put pressure on American chocolate companies to address issues of child labor and deforestation in their supply chains. To avoid federal legislation mandating labelling requirements that would have indicated whether children had been used to grow or harvest the cocoa, chocolate companies as well as Ivory Coast officials signed the Harkin-Engel Protocol. In this agreement, chocolate companies pledged to self-regulate their practices and eliminate child labor in their cocoa bean supply chain by 2005. Whether well-intentioned or simply desperate to avoid labelling guidelines that would expose them to even more public censure, the chocolate companies undertook a task that was probably much bigger than they could have imagined. In addition to the fact that the use of child labor on family farms was common practice and in fact essential for the survival of many of the small West African cocoa farms given the dearth of alternatives, no mechanism was in place to trace the supply of beans purchased to individual farms. Hershey and Nestle are among the most successful in this area, able to trace about half of their cocoa back to individual farms, but Mars trails with a scant 24 percent, despite all its efforts. (Whoriskey & Siegel, 2019) In reality, all three have their work cut out to untangle and trace their complex cocoa supply chains. In 2012 and again in 2016, the Ivorian government enacted policies defining child labor and setting penalties in place. Rural schools were built and crackdowns on child trafficking were attempted. Sadly, however, limited resources, including an annual budget of $5,000, rendered these policies essentially useless, as they are seldom enforced. (Whoriskey & Siegel, 2019) Since that time and several more missed deadlines, the goal set in 2010 is to reduce the use of child labor 70 percent by 2020, an objective which will most certainly not be met. The U.S. Labor Department’s most recent study in 2015 showed that there were 2.1 million children working, as compared to 1.8 million in the 2009 survey. One bright spot in this bleak picture was an improvement was in school attendance in Ivory Coast, up from 59 percent to 70 percent. (Whoriskey & Siegel, 2019)

Third-party certification

As American chocolate companies sought ways to determine and verify the origins of their cocoa beans, they turned to several certification groups to assist with the task. They aimed to show that farms were not on nationally protected forests, child labor was not being used, and safe and sanitary programs existed for farm workers. Farmers who met the standards would be able to advertise that their cocoa was certified and would to varying degrees command a slightly higher price. Fairtrade was the first of these certification labels for cocoa, beginning its work in 1994. Utz is now the largest, but it recently was censured for serious lapses in its processes, and in 2018 it merged with the third group, Rainforest Alliance. Each of these nonprofit groups issues guidelines for cocoa farmers to follow. Independent auditors are authorized to conduct inspections, and those farmers that pass receive a label indicating their compliance with good business practices. (Whoriskey, October 23, 2019) In addition, farmers may receive a bit of extra money for their cocoa. Cocoa beans with the Fairtrade label typically bring farmers a price about 10 percent higher than otherwise. Premiums also help improve life in farming communities in other ways. In 2019, a $240 premium which is added to Fairtrade chocolate, is invested in social and economic projects. For instance, the Cayat co-op, which consists of over 3,000 farmers in 38 villages, has used past Fairtrade premiums to diversify into poultry and egg production, and as a byproduct, also sells fertilizer to 100 farms. Other investments in nursery schools frees young women to work and help raise their families’ standard of living. Some research suggests that educating and empowering women, who often perform up to 15 of the 18 steps in the cocoa growing and harvesting process, is one of the most effective ways to affect change in traditionally patriarchal societies. (Adams, 2019) The chocolate industry hoped the third-party certification process would add much needed watchdogs to a vulnerable supply chain and enable consumers to buy more confidently, knowing their cocoa was sourced without child labor or unsafe or unsanitary conditions for workers. (Whoriskey, October 23, 2019) By the end of 2018, Mars reported that about half of its cocoa supply was certified, Hershey boasted 80 percent, and Nestle accomplished 46 globally and 80 percent among its Ivory Coast farmers. (Whoriskey & Siegel, 2019) However, overall some estimate that less than 25% of the cocoa produced in Ivory Coast cannot be traced to the farms from which it came, and most is sold by local aggregators in bulk shipments to cocoa buyers. (George, 2020) While Utz grew to be the largest third-party certifier, granting its label to about 65 percent of the global market for certified cocoa in 2018, farmers of that cocoa saw much lower premiums than those with the Fairtrade certification. Hundreds of thousands of farmers “earned” the Utz label, but recent disclosures about corrupt practices by four of its auditing firms call many of those certifications into question. Utz certified farms were often found to be inside protected forests in Ivory Coast, for instance, and child labor appeared to be at least as prevalent on Utz certified farms as on uncertified farms in two separate studies. (Whoriskey, October 23, 2019) The certification process is understandably riddled with challenges, including the fact that the West African cocoa farms are spread across some 100,000 square miles of territory. (Adams, 2019) Even in the best of circumstances, auditors like Utz or Fairtrade typically sample only about ten percent of farms in any given group seeking certification. For instance, a co-op may consist of 1,000 small farmers, yet fewer than 100 will be inspected. (Whoriskey, October 23, 2019) Since inspections are generally announced in advance, farmers simply hide child laborers until the inspectors are gone. According to a 2017 report by Nestle, “Put simply, when the [certification] auditors came, the children were ushered from the fields, and when interviewed, farmers denied they were ever there.” (Whoriskey & Siegel, 2019) Sometimes farmers bribe auditors or issue death threats if certifications aren’t provided. It’s a dangerous and costly “game,” because farmers have a lot at stake. Getting certified can mean $80 more per metric ton sold. (Whoriskey, October 23, 2019) Poverty and illiteracy make it difficult to enforce ideals which are laudable and generally commonplace in Europe and the U.S., but very difficult to realize in a developing country such as Africa. Farmers may be required to follow a complex set of rules and guidelines to achieve and maintain third-party certification. Lucas Simons, global program director of Utz in 2008 explains, “These people are poor—for them it’s a matter of survival. If people cannot read or write, if they make just 70 cents a day, and we come with 35 pages of requirement that they must meet, we are not creating a sustainable economy.” (Whoriskey, October 23, 2019) Francois Ruf, who researched and co-authored a 2013 report which was sponsored in part by Utz, explains, “Consumers believe that by buying certified cocoa they are doing something good for the environment, or children, or farmers, but that is a fiction.” (Whoriskey, October 23, 2019) His viewpoint is seconded by another researcher, Charity Ryerson, who states, “Certification misleads consumers to believe that farmers earn a living wage, their children go to school, and labor conditions are decent. From the perspective of a farmer living in abject poverty, this is morally outrageous.” (Whoriskey, October 23, 2019)

SUSTAINABILITY INITIATIVES UNDERTAKEN BY CHOCOLATE COMPANIES

While it appears that serious lapses have occurred in the certification process, the news is not all grim. In some instances, evidence exists of positive changes that have occurred as a result of Fairtrade certification or efforts by the chocolate companies to improve the lives of those in farming communities.

Mars

Mars took a bold step forward with its “Cocoa for Generations” program, promising to invest a billion dollars over a decade to help repair a supply chain it openly calls “broken.” By 2025, Mars plans to sustainably source all its cocoa. To halt deforestation of protected forests, Mars will require its cocoa to be fully traceable. Towards this end it will use GPS mapping and continue to employ third-party verification. As of 2018, about half of its cocoa was certified, but Mars is working hard to enlarge the scope of its sustainability efforts. It is ironic, however, that as Mars teaches farmers to plant higher-yielding trees and use more advanced farming methods, increased productivity and increased supply have been criticized for pushing prices down. Because of this, Mars hopes increased partnership with and oversight by the African governments will help guarantee fair pay for farmers even if productivity improves further. (Ionova, 2018)

Hershey’s

Hershey’s reports that as of 2018, it bought over 75 percent of its cocoa from certified and sustainable sources, with plans to bring that to 100 percent in the next few years. In 2018, Hershey’s also launched a massive sustainability initiative to sweeten its image with consumers and better the lot of cocoa farmers, devoting $500 million dollars through 2030 via its “Cocoa for Good” program. (Perez and Chasen, 2018) Four specific goals include providing nutritious food for children, eliminating child labor, economically empowering women, and teaching farmers how to increase productivity. For instance, shade-grown cocoa trees can yield harvests for up to 15 years longer than trees grown in the full sun. Improved methods that raise productivity mean farmers increase yields without taking over any additional forest land. (Myers, 2018) To battle hunger and encourage school attendance, within six months of the program’s inception Hershey’s was providing packets of Vivi, a vitamin enriched nut paste snack, to 50,000 school children in Ghana every day. It also helped build five schools, supported 31 other educational facilities, and taught 9,000 West African farmers better business skills. (Myers, 2018)

Tony Chocolonely

A small-scale experiment is taking place as Dutch-owned Tony Chocolonely pays a 40 percent premium for its beans in hopes of securing a living wage for farmers. The company claims this increases the price of its chocolate bars by less than ten percent. Paul Schoenmakers, driver of Tony Chocolonely’s sustainability program, expresses the company’s sentiments, saying, “Nobody needs chocolate. It’s a gift to yourself or someone else. We think its absolute madness that for a gift that no one really needs, so many people suffer.” (Whoriskey & Siegel, 2019) For this tiny, niche business that purchases only 7,000 tons of cocoa a year, this approach works. However, larger chocolate companies may be leery of paying too large a premium for their cocoa, if competitors source cocoa more cheaply and price-sensitive consumers aren’t willing to pay higher prices. (Whoriskey & Siegel, 2019)

OTHER ALTERNATIVES:

Farmers encouraging school attendance

Local farmers are acting as liaisons to encourage children to return to school in a program that affects 200,000 farms in West Africa. These farmers, rather than police, are paid to monitor child labor and school attendance. In the first three years of this program, reports suggest child labor has decreased in these farms by 30 percent. (Whoriskey & Siegel, 2019)

Crop diversification

Many observers believe crop diversification is a key component of any meaningful change in the living standard of West African farmers and the use of children in the fields. Some have even said that cocoa “sustainability” efforts actually harm farmers by encouraging them to continue farming cocoa, so as to maintain an abundant global supply, rather than farming other crops which might enhance their own living standards. While that may be true in part, the accusation may not be entirely fair, as some of the chocolate industry’s programs do in fact teach and encourage crop diversification. Crops such as palm oil or rubber can be grown without requiring further incursions into forested areas, use of extra fertilizer, or added costly labor. (Odijie, 2019)

Paying farmers more via COPEC

One fairly obvious way to reduce the use of child labor, help farmers to afford school fees, and lift farmers and their families from their abject poverty is to pay them more for their cocoa. For only the second time in five decades, a cocoa cartel has been formed, with a price premium to take effect for the cocoa that will ship beginning in October 2020. Ivory Coast and Ghana agreed to charge a premium of $400 per metric ton, and the government promises farmers about $1,800 per metric ton. When cocoa prices are high enough, the premium will be set aside as a “rainy day fund” to be used to ensure a decent income for farmers when prices drop. In early January 2020, cocoa cost $2,500 per metric ton, a figure which includes freight costs. Some experts describe the premium as a $1.2 billion tax on the cocoa industry, given that together, Ivory Coast and Ghana produce about three million metric tons of cocoa a year. Others have labeled the premium “the biggest overhaul of the global cocoa market in decades.” (Wexler, 2020) Consumers can expect the price of candy bars, ice cream, and other products which use cocoa to increase, and cocoa processors are already increasing prices in front of the expected premiums. Cocoa processors will simply pass their increased cost on down the supply chain. Some processors are also scouring the market for other cocoa sources, while other cocoa-growing countries mull the possibility of enacting similar premiums themselves. “The market is scrambling for every good-quality bean outside West Africa,” according to analyst Carlos Mera from Rabobank. (Wexler, 2020) Many large chocolate companies, needing to secure huge quantities of cocoa up to a year in advance, have already begun buying beans at the premium price. Some, like Mars and Hershey, may find these programs in line with their overall sustainability goals, which include trying to improve the livelihood of farmers. However, they are already investing large amounts of money in their own programs, so some observers wonder if chocolate companies may decrease such funding as a result of being forced to pay the new premiums. Other ways companies have coped with higher prices in the past included making chocolate bars smaller or cutting back on their cocoa content, in addition to simply pushing the added costs on to consumers. (Wexler, 2020). COPEC requires careful oversight, and farmers need to be coached not to overproduce, a move which would ultimately bring down prices. Some caution that farmers desperate for money might try to smuggle beans out of the country to sell them if the government officials hoard cocoa in an effort to increase its price. (Wallace, 2019)

Payment digitization and traceability

Cargill and International Finance Corporation (IFC)

Cargill led the way in 2013 with a first of its kind initiative in the cocoa industry to teach farmers much needed management skills to improve their operations. In 2014 the program was expanded with a partnership with IFC that reached out to over 350 co-op leaders. Now, a Co-op Academy 2.0 program is being launched to reach 40 more co-ops, in addition to the 80 that are already working with the program. This new approach includes updated training with even more emphasis on digitalization and traceability. About 35,250 farmers will have access to a digital payments platform which will allow them to access and utilize digital financial services. Cargill seeks to enhance transparency in its own supply of cocoa in the process. There is also a segment of the program dedicated to teaching and empowering women. Plans include coaching 250 women leaders as well as providing resources for up to 3,000 who wish to set up their own small business endeavors. (Cargill, 2019)

Problems with existing payment systems and benefits from digital systems

Until recently, almost all transactions between farmers and licensed buying agents relied on cash, a practice both dangerous and difficult to trace. Both theft and fraud plague the system, and farmers and buying agents alike have been robbed or even killed for their cash. With digital payments, cocoa famers are better able to safely receive funds, and they are also able to use such payments to obtain much needed inputs and planting materials from their own suppliers. Time is saved and productivity improved when farmers don’t have to travel to make purchases with cash but can instead use their phones to pay digitally. (Baghr, 2019) Since most farmers lack any type of banking or credit history, what little credit they have received in the past has come from microfinance organizations or their co-ops. (George, 2020) Now, however, digital payments lay the groundwork for accessing other financial services like savings accounts, credit, or insurance. Farmers can also use digital payments for their everyday household purchases, since grocers, pharmacies, and other shops are increasingly accepting these forms of payment. One farmer and chemical shop owner, Jones Akwasi Yeboah, reports that he likes this payment system, saying, “Payments for my beans and sales of my medicine digitally is faster and my money is secured. The suppliers of my medicine accept digitized payments as well. I can therefore order for more medicine from my suppliers without traveling to the city, Kumasi, which is over 22 miles from here. It saves me time and money.” (Baghr, 2019) Meanwhile, purchasers of cocoa, including major chocolate companies at the end of the supply chain, have a way of tracing cocoa back to the farms from which it came. Farmers who were previously “invisible” in the long and complex chain are becoming identifiable. (Baghr, 2019) One such program is being advanced by the World Cocoa Foundation (WCF) in conjunction with Better Than Cash Alliance. Workshops and technical assistance are offered to member companies on how to make the transaction to digital. Farmers receive informative phone calls advising them of how to pay with mobile money wallets and how this may affect their ability to access digital financial service products. A farmer in Ghana, Daniel Nsiah, happily responded, “Thank you. I did not now that I can access loans from my phone by using mobile money frequently without a collateral.” (Baghr, 2019) In Ghana, the government cocoa board is working with the WCF on another such program so licensed buying companies can digitize their systems. (Baghr, 2019) The aforementioned Cargill has digitized the so-called “delegates,” members of the co-op that live in the farming communities and support the cooperative system. Their responsibilities include onboarding new members, collecting cocoa from farmers, overseeing delivery to the co-op, and ensuring that farmers are paid. Each delegate is given a personal digital assistant (PDA) that interfaces with other technology like digital weighing scales, bar coding systems, and biometric fingerprint sensors. Because of this system, a farmer no longer needs to bring personal identification documents. Rather, when the farmer goes to the warehouse to deliver cocoa, his fingerprint scan verifies his identity. From this, the delegate can see size of farm, number of trees, and average yield along with the farmer’s payment and credit history. After placing each bag of cocoa on the digital scale, the farmer receives a printed receipt and the data goes into the PDA. The delegate then tags the bag to link it with the farmer who is paid once the quality of the beans is verified. The bags move on to Cargill, but each can be traced back to the individual farmer using this digital approach. (George, 2020) Cargill’s approach not only adds much needed traceability to its supply chain, but it provides rich aggregated data, in contrast to vast amounts of little used, disaggregated data that co-ops typically produce in the bean-collection process. On one hand, these technologies are laying the groundwork to make much needed financing available to farmers with commercial banks, which are seeking new ways to analyze the data to determine creditworthiness. Further possibilities, however, include using data to reduce deforestation and the use of child labor. (George, 2020) Now that some co-ops have accurate GPS maps of local farm boundaries, they can better demonstrate that members are not growing cocoa in protected forests. In addition, heat maps showing the yields across growing regions highlight the areas that are most and least productive, helping co-ops know which farmers might need further training or assistance. Knowing the expected yield of each farm also helps mitigate fraud whereby a farmer mixes non-certified beans in with those produced on his own farm. If a given farmer’s yield differs greatly from those in the vicinity, fraud may be suspected. In addition, delegates can easily compare current deliveries with the farmer’s weekly or monthly production from past records. (George, 2020) Cargill also records specific data on a farmer’s children and other dependents, enabling it to better track school attendance and notify the co-ops if it suspects children are not there regularly. In one pilot program, several schools even are using fingerprint sensors to verify attendance. (George, 2020)

CONCLUSION

While there are no quick and easy solutions to the myriad problems in West Africa’s cocoa supply chain, earnest efforts by the government, the cocoa industry, and farmers alike are helping to reshape the system and bring greater accountability and traceability in the future. Much remains to be done, but new technology, training, and awareness may hold the most promising hopes for improving sustainability in an industry that has long struggled to make meaningful change.

DISCUSSION QUESTIONS

1. Why do conditions of child labor exist, despite pledges and deadlines the made by the chocolate industry to correct the problem?

2. Is it realistic to expect West African farmers to not employ their own children? Is there a difference between employing one’s own children versus the children brought in from Burkina Faso? 3. Why is it challenging for a manufacturers like Mars and Hershey to change how the small farmers in the supply chain are conducting business?

4. How should chocolate companies like Mars or Hershey balance the competing concerns of increased productivity and decreased prices due to greater supply as they seek to increase farmer’s yields via education?

5. Why are companies like Mars and Hershey engaging in sustainability initiatives such as those described in the case?

6. How might the sustainability programs of companies like Mars and Hershey actions affect others in the supply chain? How might they affect competitors or customers?

7. What can be done to increase traceability, and how significant a role can digitalization play?

REFERENCES

Adams, T. (February 24, 2019). From bean to bar in Ivory Coast, a country built on cocoa. The Guardian. Retrieved from https://www.theguardian.com/global-development/2019/feb/24/ivory-coast- cocoa-farmers-fairtrade-fortnight-women-farmers-trade-justice

Anonymous. (September 9, 2019). Cargill and International Finance Corporation (IFC) announce Coop Academy 2.0 to empower cocoa producing cooperatives. AfricaNews.com. Retrieved from https://www.africanews.com/2019/09/26/cargill-and-international-finance-corporation-ifc-announce-coop- academy-20-to-empower-cocoa-producing-cooperatives//

Anonymous. (November 14, 2019). COOBOD approves software. GhanaWeb. Retrieved from https://www.ghanaweb.com/GhanaHomePage/business/COCOBOD-approves-software-799227

Baghr, P. (October 8, 2019). Digital Payments: Securing Financial Inclusion for Cocoa Farmers. World Cocoa Foundation. Retrieved from https://cocoainitiative.org/news-media-post/digital-payments-securing-financial- inclusion-for-cocoa-farmers/

George, T. (January 14, 2020). How tech can transform Cote d’Ivoire’s cocoa chain. Global Trade Review. Retrieved from https://www.gtreview.com/magazine/volume-18-issue-1/tech-can- transform-cote- divoires-cocoa-chain/

Ionova, A. (September 19, 2018). Mars aims to tackle “broken” cocoa model with new sustainability scheme. Retrieved from https://www.reuters.com/article/us-cocoa-mars-sustainability/mars- aims-to- tackle-broken-cocoa-model-with-new-sustainability-scheme-idUSKCN1LZ1DZ

Myers, A. (November 5, 2018). Hershey’s Cocoa for Good program already making an impact in West Africa. ConfectionaryNews.com. Retrieved from https://www.confectionerynews.com/Article/2018/11/05/Hershey- s-Cocoa-for-Good-program- already-making-an-impact-in-West-Africa

Myers, A. (October 24, 2019). “Is blockchain the answer for sustainability in the cocoa sector?” Confectionarynews.com. Retrieved from https://www.confectionerynews.com/Article/2019/10/24/Is-blockchain-the-answer-for- sustainability-in-the- cocoa-sector

Odijie, M. (October 10, 2019). West Africa’s cocoa farmers are trapped by the global chocolate industry. Yahoo Finance. Retrieved from https://finance.yahoo.com/news/west-africa-cocoa-farmers-trapped-191640037.html

Perez, M. & Chasen, E. (April 3, 2018). Hershey To Spend $500 Million Making More Sustainable

Kisses. Bloomberg.com. Retrieved from https://www.bloomberg.com/news/articles/2018-04- 03/hershey- to-invest-500-million-in-making-more-sustainable-kisses

Ryan, O. (September 24, 2019). Cocoa farmers in West Africa at mercy of global markets. Financial Times. Retrieved from https://www.ft.com/content/75d656c0-be84-11e9-9381-78bab8a70848

Wallace, J. (October 11, 2019). Premium for Poor Farmers Sweetens Cocoa. Wall Street Journal

Wexler, A. (January 6, 2020). Cocoa Cartel Stirs Up Global Chocolate Market. Wall Street Journal

Writes, T.A. (February 24, 2019). From bean to bar in Ivory Coast, a country built on cocoa. The Guardian. Retrieved from https://www.theguardian.com/global-development/2019/feb/24/ivory- coast-cocoa-farmers- fairtrade-fortnight-women-farmers-trade-justice

Whoriskey, P. (October 23, 2019). Chocolate companies sell ‘certified cocoa.’ But some of those farms use child labor, harm forests. The Washington Post. Retrieved from https://www.washingtonpost.com/business/2019/10/23/chocolate-companies-say-their-cocoa-is-certified- some-farms-use-child-labor-thousands-are-protected-forests/

Whoriskey, P. (October 30, 2019). Doubts about chocolate: U.S. officials investigate whether to block critical cocoa imports. The Washington Post. Retrieved from https://www.google.com/search?q=doubts+about+chocolate%3A+U.S.+officials+investigate+whether+to+bloc k+critical+cocoa+imports&rlz=1C1GCEA_enUS793US793&oq=doubts+about+chocolate%3A++U.S.+officials+in vestigate+whether+to+block+critical+cocoa+imports&aqs=chrome..69i57.19651j1j7&sourceid=chrome&ie=UT F-8

Whoriskey &, P. & Siegel, R. (June 5, 2019). Cocoa’s child laborers. The Washington Post. Retrieved from https://www.washingtonpost.com/graphics/2019/business/hershey-nestle-mars- chocolate-child-labor- west-africa/?utm_term=.caacb20e735d

Financial Performance of Socially Responsible Companies

Tzu-Man Huang, CFA Professor of Finance California State University Stanislaus

David Zhu Associate Professor of Accounting California State University Stanislaus

Sijing Zong Professor of Finance California State University Stanislaus

Keywords: Corporate Social Responsibilities, Socially Responsible Companies, Socially Responsible Investing, Stock Returns, Financial Performance

JEL number: G11, G14, M14

Abstract This study examines stock returns and financial performance of socially responsible companies (SRCs) versus non-socially responsible companies (non-SRCs). SRCs are selected based on the lists of Top 100 Best U.S. Corporate Citizens from Corporate Responsibility Magazine. Non- SRCs are companies under S&P 500 Index but not listed as Top 100 Best U.S. Corporate Citizens. Over our sample period from 2013 to 2017, the stock performance of SRCs is similar to that of non-SRCs. Social responsibility does not have a significant impact on stock returns. In other words, being socially responsible does not compromise stock performance. We also compare financial performance of SRCs versus non-SRCs, including profitability, management effectiveness, liquidity, and leverage. SRCs have higher return on equity, shorter inventory days, and lower liquidity ratios. We suspect that being socially responsible might come with more short-term costs and thus causes SRCs to have lower short-term liquidity. Nonetheless, SRCs seems to be financially stronger in profitability and in management effectiveness. We conclude that social screening can help investors choose financially stronger companies. The literature about financial performance of socially responsible companies seems inconclusive. By providing updated empirical evidence, we hope to have shed some light in this area and encourage socially responsible investing.

Introduction Extreme climate changes and global warming have created challenges to our environment in various aspects, bringing people to realize the limited resources we share on this earth. Individuals, as well as corporations, start to consider environmental, social, and governance (ESG) factors while making decisions, including investment decisions. Socially responsible investing refers to sustainable or ethical investment strategies that seek both financial returns and positive impacts to the environment or society. Socially responsible investing has gained attention and become popular in financial markets in recent decades. People often think that being socially responsible comes with costs, which might lead to smaller profits or lower returns. Can companies do well while doing good? Do we have to compromise financial returns for being socially responsible? When companies take environments, communities, and employees into consideration in decision making, they are less likely to be inversely affected by fines, public backlash, or boardroom turmoil. We can argue that with the ESG minded management, such organizations might incorporate more long-term strategic thinking and outperform in the long run. Therefore, investing in such socially responsible companies might lead to superior investment returns in the long run. As social responsibility gains the spotlight in recent decades, the literature about socially responsible companies and socially responsible investing is quite new. Some studies argue that socially responsible companies outperform. For stock returns, Van de Velde et al. (2005) suggest that high-rated sustainable companies outperform low-rated sustainable companies. Investors are willing to pay a premium for companies with certain sustainable company strategies, such as maintaining a good relationship with shareholders, clients, and suppliers. Muise (2009) compares stock performance of socially responsible companies (SRCs) to non-SRCs and suggests that SRCs outperform non-SRCs in annual stock returns. Sanker and Wadhwani (2012) and Huang and Zong (2017) also provide empirical evidence that socially responsible companies outperform the market. In terms of financial performance, Ka (2010) finds that socially responsible companies have higher profitability when compared to the market, including return on equity, return on assets, and return on invested capital. At the same time, Vollono (2010) finds a positive relationship between corporate social responsibility and corporate financial performance, including return on assets and market-to- book ratio. Adewale and Sarah (2012) also provide evidence to suggest a positive relationship between social responsibility and return on equity. In addition, Stanley (2011) finds a positive relationship between social responsibility rating and market capitalization. Based on these studies, socially responsible companies tend to outperform in stock returns and financial performance. On the other hand, other studies provide evidence to suggest that socially responsible companies do not outperform. Chan et al. (2016) find that long-term market performance of socially responsible firms and non-socially responsible firms is similar; difference in abnormal returns is insignificant. Revelli and Viviana (2013) argue that there is no apparent link between socially responsible investing and financial performance. Similarly, Oppong (2014) examines the relationship between corporate social responsibilities and financial performance, including turnover, growth rate, net profit, return on equity, and number of employees. Oppong concludes that there is no significance relationship between corporate social responsibility standing and financial performance. Some studies even warn investors the potential costs of being socially responsible and argue that socially responsible companies underperform. For example, Dravenstott and Chieffe (2011) find evidence that socially responsible companies underperform non-socially responsible companies. They argue that social responsibility has a negative impact on stock returns; being socially responsible negatively impacts stock returns. Latinovic and Obradovic (2013) argue that socially responsible investing decreases potential investment pools and thus restricts investors’ benefits from full diversification. Similar arguments also appear in socially responsible mutual funds. Some studies find that socially responsible mutual funds outperform (Ito et al. 2013; Gil-Bazo et al. 2010). Others argue that socially responsible mutual funds underperform (Change et al. 2012; Das and Rao 2013) or there is no significant difference (Mill 2006; Rodriguez 2010; Utz and Wimmer 2014). The literature is inconclusive on financial performance of socially responsible companies and socially responsible investing. We hope to provide updated evidence on this topic. We examine stock returns of socially responsible companies to investigate whether being socially responsible compromises stock performance. We also examine financial performance of socially responsible companies to investigate whether social screening help investors choose financially stronger companies. We obtain the lists of socially responsible companies from Corporate Responsibility Magazine. Top 100 Best U.S. Corporate Citizens are ranked and selected in March every year. Our sample period covers five years from 2013 to 2017. For comparison, we use S&P 500 Index as the proxy for the market. Top 100 Best U.S. Corporate Citizens are grouped into the socially responsible companies (SRCs). For comparison, the companies listed under S&P 500 Index but not selected as Top 100 Best U.S. Corporate Citizens are grouped into the non-socially responsible companies (non-SRCs). The daily stock prices and financial ratios of SRCs and non-SRCs are generated from Datastream. We compare stock returns and financial performance, including profitability, management effectiveness, liquidity, and leverage, of SRCs to those of non-SRCs. We also run regressions to examine whether being socially responsible affects stock returns and financial performance. For stock returns, SRCs seem to have slightly higher average returns when compared to non-SRCs and the market. We run Student’s t-Test on the differences between the returns; the differences are not statistically significant. Our findings support Chan et al. (2016) that the stock performance of SRCs is similar to that of non-SRCs. We further run the regression with the annual stock return as the dependent variable and the social responsibility as an independent dummy variable, while the control variables include year, market, and industry. Our empirical evidence suggests that social responsibility does not have a significant impact on stock returns. In other words, being socially responsible does not compromise stock performance. We also compare financial performance of SRCs versus non-SRCs in profitability, management effectiveness, liquidity, and leverage. Our regression results suggest that SRCs tend to have higher return on equity, shorter inventory days, and lower liquidity ratios. SRCs generate higher return on equity than non- SRCs do. This result supports Ka (2010) and Adewale and Sarah (2012) that SRCs have higher return on equity. SRCs also tend to management their inventories more effectively. At the same time, SRCs seem to have lower short-term liquidity. We suspect that being socially responsible might come with more short-term costs and thus cause SRCs to have lower short-term liquidity. Nonetheless, we conclude that SRCs seems to be financially stronger, especially in profitability and management effectiveness. Social screening can help investors choose financially stronger companies.

Data and Methodology

We obtain the socially responsible company lists from Corporate Responsibility Magazine (Sanker and Wadhwani, 2012). Corporate Responsibility Magazine rates companies and selects Top 100 Best U.S. Corporate Citizens based on seven categories, including environment, climate change, employee relations, human rights, financial performance, corporate governance, and philanthropy and community support. The list is released in March every year. Our sample period covers five years from 2013 to 2017. Some companies are listed in multiple years, while others might change over time. To compare to non-socially responsible companies, we use S&P 500 Index as the benchmark. Basically, we have 100 socially responsible companies (SRCs) listed as Top 100 Best U.S. Corporate Citizens generated from Corporate Responsibility Magazine list every year. Most companies are also listed under S&P 500 Index, but not every company. Using S&P 500 companies as the base, we exclude those listed as Top 100 Best U.S. Corporate Citizens and use the rest approximately 400 companies as the non-socially responsible companies (non-SRCs) for comparison. Every year, we have a different list for SRCs and non-SRCs, adjusted with Top 100 Best U.S. Corporate Citizens list and S&P 500 components. Each company has its Global Industry Classification Standard (GICS) code as the identification for different industries. To examine stock performance of SRCs versus non-SRCs, we generate daily stock prices for these companies from Datastream over the five-year sample period from 2013 to 2017. We also generate S&P 500 Index value as the proxy for the market. We compute the monthly holding period returns by using the end-of- month price compared to the beginning-of-month price. We also compute the annual holding period returns by using the end-of-year price compared to the beginning-of-year price. We generate monthly returns and annual returns for each SRC and non-SRC every year, as well as for S&P 500 Index. We compare the returns to examine whether being socially responsible compromises stock performance. To further examine the difference in returns between SRCs and non-SRCs, we use the annual stock return as the dependent variable in the regression. The independent variables include a social responsibility dummy variable (Dravenstott and Chieffe, 2011). If a company is listed under Top 100 Best U.S. Corporate Citizens, its social responsibility dummy is one. On the other hand, if a company is not listed under Top 100 Best U.S. Corporate Citizens, its social responsibility dummy is zero. By running the regression, we examine whether being socially responsible affects stock returns. We also include a year dummy variable to represent different year during our sample period. The year dummy variable is one for 2013, two for 2014, three for 2015, four for 2016, and five for 2017. In addition, we add GICS code as an industry variable and the market return as another independent variable (Capital Asset Pricing Model). In the stock return regression model, shown in equation (1), Rt is the annual stock return for company t, SRt is the social responsibility dummy, Yt is the year dummy, GICSt is the industry GICS code, and Mt is the market return, while 훼푟 is the interception, 훽푟1, 훽푟2, 훽푟3, and 훽푟4 are parameters to be estimated, and 휀푟푡 is the error term.

푅푡 = 훼푟 + 훽푟1푆푅푡 + 훽푟2푌푡 + 훽푟3퐺퐼퐶푆푡 + 훽푟4푀푡 + 휀푟푡 (1)

In addition to stock performance, we also examine financial performance of SRCs and non-SRCs to investigate whether SRCs are financially stronger. For financial performance, we include various areas, including profitability, management effectiveness, liquidity, and leverage. The financial information for SRCs and non-SRCs is also generated from Datastream. Based on the data availability on Datastream, we include return on equity and net profit margin for profitability, inventory days and receivable days for management effectiveness, current ratio and quick ratio for short-term liquidity, and debt to equity ratio for leverage. We compare these financial ratios of SRCs to those of non-SRCs. The financial ratios usually vary by industries. Thus, we compare the ratios by industries every year over our sample period. We also run regression with the financial ratio as the dependent variable to investigate whether there is significant difference between SRCs and non-SRCs. Under profitability, we first examine return on equity (ROE). We use ROE as the dependent variable; the independent variables include the social responsibility dummy, the year dummy, and the industry GICS code. In the ROE regression model, shown in equation (2), ROEt is the return on equity for company t, SRt is the social responsibility dummy, Yt is the year dummy, and GICSt is the industry GICS code, while 훼푒 is the interception, 훽푒1, 훽푒2, and 훽푒3 are parameters to be estimated, and 휀푒푡 is the error term. We also use net profit margin as another profitability dependent variable; the independent variables include the social responsibility dummy, the year dummy, and the industry GICS code. In the net profit margin regression model, shown in equation (3), Margint is the net profit margin for company t, SRt is the social responsibility dummy, Yt is the year dummy, and GICSt is the industry GICS code, while 훼푚 is the interception, 훽푚1, 훽푚2, and 훽푚3 are parameters to be estimated, and 휀푚푡 is the error term.

푅푂퐸푡 = 훼푒 + 훽푒1푆푅푡 + 훽푒2푌푡 + 훽푒3퐺퐼퐶푆푡 + 휀푒푡 (2) 푀푎푟푔푖푛푡 = 훼푚 + 훽푚1푆푅푡 + 훽푚2푌푡 + 훽푚3퐺퐼퐶푆푡 + 휀푚푡 (3)

For management effectiveness, we examine inventory days and receivable days. In the inventory days regression model, shown in equation (4), Inventoryt is the inventory days for company t, SRt is the social responsibility dummy, Yt is the year dummy, and GICSt is the industry GICS code, while 훼푖 is the interception, 훽푖1, 훽푖2, and 훽푖3 are parameters to be estimated, and 휀푖푡 is the error term. In the receivables days regression model, shown in equation (5), Receivablet is the receivable days for company t, SRt is the social responsibility dummy, Yt is the year dummy, and GICSt is the industry GICS code, while 훼푣 is the interception, 훽푣1, 훽푣2, and 훽푣3 are parameters to be estimated, and 휀푣푡 is the error term.

퐼푛푣푒푛푡표푟푦푡 = 훼푖 + 훽푖1푆푅푡 + 훽푖2푌푡 + 훽푖3퐺퐼퐶푆푡 + 휀푖푡 (4) 푅푒푐푒푖푣푎푏푙푒푡 = 훼푣 + 훽푣1푆푅푡 + 훽푣2푌푡 + 훽푣3퐺퐼퐶푆푡 + 휀푣푡 (5)

For liquidity ratios, we examine current ratio and quick ratio. In the current ratio regression model, shown in equation (6), Currentt is the current ratio for company t, SRt is the social responsibility dummy, Yt is the year dummy, and GICSt is the industry GICS code, while 훼푐 is the interception, 훽푐1, 훽푐2, and 훽푐3 are parameters to be estimated, and 휀푐푡 is the error term. In the quick ratio regression model, shown in equation (7), Quickt is the quick ratio for company t, SRt is the social responsibility dummy, Yt is the year dummy, and GICSt is the industry GICS code, while 훼푞 is the interception, 훽푞1, 훽푞2, and 훽푞3 are parameters to be estimated, and 휀푞푡 is the error term.

퐶푢푟푟푒푛푡푡 = 훼푐 + 훽푐1푆푅푡 + 훽푐2푌푡 + 훽푐3퐺퐼퐶푆푡 + 휀푐푡 (6) 푄푢푖푐푘푡 = 훼푞 + 훽푞1푆푅푡 + 훽푞2푌푡 + 훽푞3퐺퐼퐶푆푡 + 휀푞푡 (7)

For leverage, we examine debt to equity ratio. In the debt to equity ratio regression model, shown in equation (8), Debtt is the debt to equity ratio for company t, SRt is the social responsibility dummy, Yt is the year dummy, and GICSt is the industry GICS code, while 훼푑 is the interception, 훽푑1, 훽푑2, and 훽푑3 are parameters to be estimated, and 휀푑푡 is the error term.

퐷푒푏푡푡 = 훼푑 + 훽푑1푆푅푡 + 훽푑2푌푡 + 훽푑3퐺퐼퐶푆푡 + 휀푑푡 (8)

By running the regression models with financial ratios as the dependent variables and social responsibility as an independent dummy variable, we examine whether being socially responsible affects financial performance in various areas, including profitability, management effectiveness, liquidity, and leverage. We hope to investigate whether social screening helps investors choose financially stronger companies.

Empirical Results

Returns of SRCs versus non-SRCs Based on the daily stock prices generated from Datastream for SRCs and non-SRCs, we compute monthly holding period returns and annual holding period returns for each of the companies in our sample. For comparison, we compute the average monthly returns and the average annual returns for SRCs and non- SRCs. As shown in Table 1, over the five-year sample period, SRCs have the average monthly return of 1.29 percent, while non-SRCs have the average monthly return of -0.52 percent and S&P 500 has the average monthly return of 1.04 percent. SRCs seem to have a slightly higher average monthly return when compared to non-SRCs and the market. For the average annual returns over the five-year sample period, also shown in Table 1, SRCs have the average annual return of 15.79 percent, while non-SRCs have the average annual return of 14.80 percent and S&P 500 has the annual return of 13.84 percent. SRCs seem to have a slightly higher average annual return when compared to non-SRCs and the market.

Table 1 Returns of SRCs, Non-SRCs, and S&P 500 Monthly Return (%) 2013 2014 2015 2016 2017 Average SRCs 2.52 1.02 -0.06 1.35 1.60 1.29 Non-SRCs 2.55 1.04 -0.24 -7.23 1.30 -0.52 S&P 500 1.95 0.93 0.01 0.80 1.50 1.04

Annual Return (%) 2013 2014 2015 2016 2017 Average SRCs 32.53 12.79 -1.45 14.06 21.02 15.79 Non-SRCs 35.80 12.89 -3.42 11.33 17.41 14.80 S&P 500 29.60 11.39 -0.73 9.54 19.42 13.84

To further examine the difference in monthly returns, we run Student’s t-Test on the difference between the average SRC monthly returns and the average non-SRC monthly returns over the five-year period from 2013 to 2017. The difference is 1.7622 percent; SRCs outperformed non-SRCs, but it is not statistically significant, shown in Table 2. We also run Student’s t-Test on the difference between the average SRC monthly returns and the market returns. The difference is 0.1528 percent; SRCs outperformed the market slightly, but it is not statistically significant, also shown in Table 2. Although SRCs seem to outperform non- SRCs and the market slightly in monthly returns, the differences are not statistically significant. Our findings support Chan et al. (2016) that the stock performance of SRCs is similar to that of non-SRCs.

Table 2 Student’s t-Test on Monthly Returns Monthly Returns SRCs – Non SRCs SRCs - Market Mean 1.7622% 0.1528% SD 12.8913% 0.7561% t Value 1.0588 1.5659 Pr > |t| 0.2940 0.1227

Regression on returns We run regression with the annual stock return as the dependent variable and social responsibility as an independent dummy variable for SRCs and non-SRCs over our sample period from 2013 to 2017. When a company is listed in Top 100 Best U.S. Corporate Citizens, the social responsibility dummy variable has the value of one. When a company is not listed in Top 100 Best U.S. Corporate Citizens, the dummy variable has the value of zero. We also create a year dummy variable to represent different year. In addition, we add the GICS code as an industry variable and the market return as another independent variable. The relationship between the annual returns and the social responsibility is not significant, shown in Table 3. The year variable and the market are both significant in the regression, suggesting that the stock returns very by years and the market is a significant factor (supporting Capital Asset Pricing Model). The industry code is not significant. Based on the regression result, we conclude that social responsibility does not have a significant impact on stock returns. In other words, being socially responsible does not compromise stock performance.

Table 3 Regression for Annual Return on SR, Year, Industry, and Market Return R-square F value Pr > F 0.1793 136.21 <.0001 Variables Estimate Std Error t Value Pr > |t| Intercept 0.0030 0.0189 0.16 0.8721 SR 0.0093 0.0131 0.71 0.4787 Year -0.0095 0.0038 -2.48 0.0134 GICS 0.0029 0.0018 1.57 0.1158 Market 1.1519 0.0541 21.29 <.0001

Financial performance on profitability To examine financial performance of SRCs versus non-SRCs, we include return on equity (ROE) and net margin for profitability. ROE and net margin for each company are generated from Datastream. To compare the difference, we average ROEs and net margins with firms by industry GICS codes. We also take the annual averages for comparison, shown in Table 4. SRCs seem to have higher ROE when compare to non-SRCs for each of the five years during the sample period. On the other hand, SRCs seem to have slightly lower net margin when compare to non-SRCs during the sample period.

Table 4 Profitability for SRCs and Non-SRCs ROE (%) 2013 2014 2015 2016 2017 Average SRCs 133.76 25.30 32.47 36.56 40.59 53.74 Non-SRCs 18.73 21.42 20.50 19.89 21.44 20.40

Net Margin (%) 2013 2014 2015 2016 2017 Average SRCs 10.80 10.46 7.61 8.98 9.57 9.48 Non-SRCs 11.62 11.59 7.25 9.38 12.12 10.39

To examine the difference in return on equity, we run Student’s t-Test on the difference between the average return on equity of SRCs and that of non-SRCs by industries over the five-year period from 2013 to 2017. The difference is 25.7964 percent; SRCs outperformed non-SRCs, and it is statistically significant at 90 percent confidence level, shown in Table 5. We also run Student’s t-Test on the difference between the average net profit margin of SRCs and that of non-SRCs by industries. The difference is -0.6364 percent; SRCs do not outperformed non-SRCs, but it is not statistically significant, also shown in Table 5. The Student’s t-Test results support our observation that SRCs seem to have higher ROE when compare to non-SRCs during the sample period.

Table 5 Student’s t-Test on Profitability SRCs – non SRCs ROE Net Margin Mean 25.7964% -0.6364% SD 111.5980% 7.30389% t Value 1.7142 -0.6462 Pr > |t| 0.0922 0.5209

We further run regression to examine the difference on profitability. We use ROE and net profit margin as the dependent variables in the regressions. The independent variables include the social responsibility dummy, the year dummy, and the industry GICS code. For the regression on ROE, the relationship between ROE and the social responsibility is significant, shown in Table 6. The parameter is positive, suggesting that SRCs have higher ROE. The year dummy is not significant. The industry code also has a significant impact on ROE. In other words, ROE varies across industries. We also run regression for net profit margin. The relationship between net profit margin and social responsibility is not significant, shown in Table 6. The year dummy is not significant. The industry code also has a significant impact on net profit margin. In other words, net profit margin varies across industries.

Table 6 Regression for Profitability on SR, Year, and Industry ROE R-square F value Pr > F 0.0055 4.46 0.0039 Variables Estimate Std Error t Value Pr > |t| Intercept 44.8165 13.3285 3.36 0.0008 SR 33.9231 11.3607 2.99 0.0029 Year -3.0229 3.1923 -0.95 0.3438 GICS -3.0787 1.5970 -1.93 0.0540

Net Margin R-square F value Pr > F 0.0129 10.92 <.0001 Variables Estimate Std Error t Value Pr > |t| Intercept 7.3322 1.0937 6.70 <.0001 SR -1.01253 0.9340 -1.08 0.2785 Year -0.1949 0.2619 -0.74 0.4659 GICS 0.7353 0.1311 5.61 <.0001

Based on Student’s t-Test results, we find that SRCs tend to have higher ROE. We further run the regression with ROE as the dependent variable and social responsibility as a dummy variable. We find significant relationship over our sample period, suggesting that SRCs tend to have higher ROE when compared to non-SRCs. This result supports Ka (2010) and Adewale and Sarah (2012) that SRCs have higher ROE. When we examine net profit margin, SRCs tend to have slightly lower net margin when compared to non-SRCs. We further run the regression with net profit margin as the dependent variable and social responsibility as one dummy variable. The relationship is not significant. We conclude that SRCs and non-SRCs do not have significant difference on net profit margin.

Financial performance on management effectiveness For management effectiveness, we examine inventory days and receivable days. Shorter inventory days indicate higher inventory turnover and thus more efficiency in inventory management. It is similar for receivable days that shorter receivable days indicate higher receivable turnover and thus more efficiency in receivable management. SRCs seem to have shorter inventory days when compare to non-SRCs for each of the five years during our sample period, shown in Table 7. SRCs also seem to have shorter receivable days when compare to non-SRCs for each of the five years during the sample period. SRCs seem to have higher management effectiveness in terms of inventory and receivable management.

Table 7 Management Effectiveness for SRCs and Non-SRCs Inventory Days 2013 2014 2015 2016 2017 Average SRCs 70.79 77.70 73.85 75.16 69.16 73.33 Non-SRCs 89.16 83.19 91.73 94.58 93.53 90.44

Receivable Days 2013 2014 2015 2016 2017 Average SRCs 54.29 59.36 55.86 54.36 53.75 55.52 Non-SRCs 56.11 55.25 57.34 59.56 60.40 57.53

To examine the difference in management effectiveness, we run Student’s t-Test on the difference between the average inventory days of SRCs and those of non-SRCs by industries over the five-year period from 2013 to 2017. The difference is -7.0717 days; SRCs have shorter inventory days, and it is statistically significant at 90 percent confidence level, shown in Table 8. We also run Student’s t-Test on the difference between the average receivable days of SRCs and those of non-SRCs by industries. The difference is -0.4629 days; SRCs have slightly shorter receivable days, but it is not statistically significant, also shown in Table 8. The Student’s t-Test results support our observation that SRCs seem to have shorter inventory days when compare to non-SRCs.

Table 8 Student’s t-Test on Management Effectiveness SRCs – Non SRCs Inventory Days Receivable Days Mean -7.0717 -0.4629 SD 28.8613 11.6859 t Value -1.6975 -0.2938 Pr > |t| 0.0962 0.7700

We further run regression with inventory days as the dependent variable and social responsibility as an independent dummy variable, in addition to year and industry. The relationship between inventory days and social responsibility is significant, shown in Table 9. The parameter is negative, suggesting that SRCs have shorter inventory days. The industry code also has a significant impact on inventory days. In other words, inventory days vary across industries. We also run regression with receivable days as the dependent variable and social responsibility as an independent dummy variable, in additional year and industry. The relationship between receivable days and social responsibility is not significant, shown in Table 9. The industry code has a significant impact on receivable days; receivable days vary across industries.

Table 9 Regression for Management Effectiveness on SR, Year, and Industry Inventory R-square F value Pr > F 0.0123 7.29 <.0001 Variables Estimate Std Error t Value Pr > |t| Intercept 95.6812 5.9386 16.11 <.0001 SR -16.3073 4.9005 -3.33 0.0009 Year 1.4744 1.4697 1.00 0.3159 GICS -2.0469 0.6936 -2.95 0.0032

Receivable R-square F value Pr > F 0.0117 8.14 <.0001 Variables Estimate Std Error t Value Pr > |t| Intercept 45.6511 3.4836 13.10 <.0001 SR -2.6812 2.8762 -0.93 0.3513 Year 0.8734 0.8401 1.04 0.2986 GICS 1.9262 0.4042 4.76 <.0001

When we examine inventory days, we find that SRCs have shorter inventory days, suggesting that SRCs manage inventories more efficiently when compared to non-SRCs. When we run the regression with inventory days as the dependent variable and social responsibility dummy as one of the independent variables, the parameter of the social responsibility dummy is negative and significant, suggesting that SRCs tend to have shorter inventory days. In other words, SRCs manage their inventories more efficiently. When we examine receivable days, it seems that SRCs also have lower receivable days when compared to non-SRCs. However, when we run the regression with receivable days as the dependent variable and social responsibility as one of the independent variables, the parameter for the social responsibility dummy variable is negative, suggesting that SR firms have shorter receivable days. However, such relationship is not statistically significant over the sample period.

Financial performance on liquidity For short-term liquidity, we examine current ratio and quick ratio. These ratios are generated for SRCs and non-SRCs. We compute the averages of these rations for the two groups, shown in Table 10. SRCs seem to have lower current ratio when compare to non-SRCs for each of the five years during the sample period. In addition, SRCs also seem to have lower quick ratio when compare to non-SRCs. SRCs seem to have lower short-term liquidity when compared to non-SRCs.

Table 10 Liquidity Ratios for SRCs and Non-SRCs Current Ratio 2013 2014 2015 2016 2017 Average SRCs 1.60 1.62 1.44 1.58 1.62 1.57 Non-SRCs 2.05 1.90 1.91 1.87 1.82 1.91

Quick Ratio 2013 2014 2015 2016 2017 Average SRCs 1.10 1.11 1.01 1.16 1.23 1.12 Non-SRCs 1.39 1.28 1.31 1.28 1.24 1.30

To examine the difference in liquidity, we run Student’s t-Test on the difference between the average current ratio of SRCs and that of non-SRCs by industries over the five-year period from 2013 to 2017. The difference is -0.1384; SRCs have a lower current ratio, and it is statistically significant at 90 percent confidence level, shown in Table 11. We also run Student’s t-Test on the difference between the average quick ratio of SRCs and that of non-SRCs by industries. The difference is -0.0524; SRCs have slightly lower quick ratio, but it is not statistically significant, also shown in Table 11. The Student’s t-Test results support our observation that SRCs seem to have lower liquidity when compare to non-SRCs.

Table 11 Student’s t-Test on Liquidity SRCs – non SRCs Current Ratio Quick Ratio Mean -0.1384 -0.0524 SD 0.5288 0.4260 t Value -1.9417 -0.9135 Pr > |t| 0.0574 0.3650

To examine the difference in short-term liquidity between SRCs and non-SRCs, we further run the regression with current ratio as the dependent variable and social responsibility as an independent dummy variable, in additional to year and industry. The relationship between current ratio and social responsibility is significant, shown in Table 12. The parameter is negative, suggesting that SRCs have lower current ratios. The industry code also has a significant impact on current ratio; current ratio varies across industries. We also run the regression with quick ratio as the dependent variable and social responsibility as an independent dummy variable, in additional to year and industry. The relationship between quick ratio and social responsibility is significant, shown in Table 12. The parameter is negative, suggesting that SRCs have lower quick ratios. The industry code also has a significant impact on quick ratio; quick ratio varies across industries.

Table 12 Regression for Liquidity Ratios on SR, Year, and Industry Current R-square F value Pr > F 0.0137 9.76 <.0001 Variables Estimate Std Error t Value Pr > |t| Intercept 2.1105 0.0841 25.08 <.0001 SR -0.3289 0.0706 -4.66 <.0001 Year -0.0382 0.0204 -1.87 0.0619 GICS -0.0180 0.0098 -1.84 0.0666

Quick R-square F value Pr > F 0.0105 7.51 <.0001 Variables Estimate Std Error t Value Pr > |t| Intercept 1.2165 0.0698 17.42 <.0001 SR -0.1877 0.0585 -3.21 0.0014 Year -0.0177 0.0169 -1.05 0.2959 GICS 0.0283 0.0081 3.47 0.0005

When we examine current ratio for SRCs and non-SRCs by industry, we find that SRCs have lower current ratio, suggesting that SCRs have lower short-term liquidity when compared to non-SRCs. We further run regression with current ratio as the dependent variable and social responsibility as one of the independent variables. The parameter of the social responsibility dummy variable is negative and significant, suggesting that SRCs have lower current ratios. We have similar finding for quick ratio; SRCs have lower quick ratios when compared to non-SRCs. Our empirical results suggest that SRCs have lower short-term liquidity when compared to non-SRCs. We suspect that to be socially responsible, companies might have to scarifies their short-term liquidity to cover additional short-term costs associated with social responsibility.

Financial performance on leverage We also examine leverage of SRCs and non-SRCs. More specifically, we examine debt to equity ratio for these companies and take the averages of the two groups. Based on the comparison results in Table 13, it seems that SRCs have higher debt to equity ratio when compared to non-SRCs in 2013 and 2014. However, the ratio seems to be lower for SRCs in 2015 and thereafter. SRCs seem to lower their leverage in recent years.

Table 13 Leverage Ratio for SRCs and Non-SRCs Debt to Equity 2013 2014 2015 2016 2017 Average SRCs 115.84 151.93 31.95 20.45 12.73 66.58 Non-SRCs 87.64 58.32 121.11 164.65 84.41 103.23

To examine the difference in leverage, we run Student’s t-Test on the difference between the average debt to equity ratios of SRCs and those of non-SRCs by industries over the five-year period from 2013 to 2017. The difference is -36.9669; SRCs have a lower debt to equity ratio, but it is not statistically significant, shown in Table 14.

Table 14 Student’s t-Test on Leverage SRCs – non SRCs Debt to Equity Ratio Mean -36.9669 SD 205.9382 t Value -1.3312 Pr > |t| 0.1887

We further run regression with debt to equity ratio as the dependent variable and social responsibility as an independent dummy variable, in additional to year and industry. The relationship between debt to equity ratio and social responsibility is not significant, shown in Table 15. The industry code and the year do not have significant impact on debt to equity ratio, either.

Table 15 Regression for Debt to Equity Ratio on SR, Year, and Industry Debt Equity R-square F value Pr > F 0.0007 0.60 0.6151 Variables Estimate Std Error t Value Pr > |t| Intercept 57.5437 63.0244 0.91 0.3613 SR -38.5053 53.8242 -0.72 0.4744 Year 1.0800 15.0947 0.07 0.9430 GICS 8.6643 7.5560 1.15 0.2516

In 2013 and 2014, SRCs seem have to higher debt to equity ratio when compared to non-SRCs. However, the ratio seems to be lower for SRCs in 2015 and thereafter. SRCs seem to lower their leverage in recent years. We further run the regression with debt to equity ratio as the dependent variable and social responsibility as an independent dummy variable. The relationship is not significant. We conclude that there is no significant difference in leverage ratios between SRCs and non-SRCs.

Conclusion

Socially responsible investing has gained attention and become popular in financial markets in recent decades, as people realize the limited resources we share on this planet. The literature about financial performance of socially responsible companies or socially responsible investing seems inconclusive. Some studies argue that being socially responsible comes with costs and might be associated with poor financial performance, while others provide evidence to support that socially responsible companies outperform in the long run. This study provides updated empirical evident on stock returns and financial performance of socially responsible companies. The lists of socially responsible companies (SRCs) are obtained from Corporate Responsibility Magazine, where companies are ranked and selected as Top 100 Best U.S. Corporate Citizens every year based on seven social responsibility criteria, including environment, climate change, employee relations, human rights, financial performance, corporate governance, and philanthropy and community support. We use S&P 500 Index as the benchmark for comparison. Those companies listed under S&P 500 but not selected as Top 100 Best U.S. Corporate Citizens are defined as non-socially responsible companies (non-SRCs) for comparison. Stock returns and financial performance, including profitability, management effectiveness, liquidity, and leverage, of SRCs and non-SRCs are generated from Datastream over our sample period from 2013 to 2017. For stock returns, SRCs seem to have slightly higher average returns when compared to non-SRCs and the market. We run Student’s t-Test on the differences between the returns; the differences are not statistically significant. Our findings support Chan et al. (2016) that stock performance of SRCs is similar to that of non-SRCs. We further run regression with the annual stock return as the dependent variable and social responsibility as an independent dummy variable, while the control variables include year, industry, and market. Our regression result suggests that social responsibility does not have significant impact on stock returns. In other words, being socially responsible does not compromise stock performance. We also compare finance performance of SRCs versus non-SRCs on profitability, management effectiveness, liquidity, and leverage. Our regression results suggest that SRCs have higher return on equity, shorter inventory days, and lower liquidity ratios. SRCs generate higher return on equity than non-SRCs. SRCs also tend to manage their inventories more effectively. At the same time, SRCs have lower short-term liquidity. We suspect that being socially responsible might come with more short-term costs and thus cause SRCs to have lower short-term liquidity. Nonetheless, based on our empirical results, we conclude that SRCs seem to be financially stronger, especially on profitability and management effectiveness. Social screening can help investors choose financially stronger companies. Global warming and extreme weather conditions have created challenges to our environment. There are things we can do to help make a difference. Socially responsible investing might be one of them. Based on our study, being socially responsible does not compromise stock return. SRCs perform as well as non-SRCs in term of stock returns. In addition, social screening might help investors choose financially stronger companies. SRCs tend to have higher return on equity and higher management effectiveness. The literature about financial performance of socially responsible companies seems inconclusive. By providing updated empirical evidence, we hope to have shed some light in this area and encourage more socially responsible investing.

References Adewale, A., & Sarah, R. (2012). The impact of corporate social responsibility on the profitability of listed retailers: Indication from the Johannesburg Security Exchange (JSE). African Journal of Business Management, 6 (4), 1694-1701.

Chan, C., Chou, D., & Lai, C. (2016). Does the stock market favor socially responsible firms? Evidence from SEOs. Taiwan Economic Review, 44 (2), 339-377.

Change, E., Nelson, W., & Witte, H. (2012). Do green mutual funds perform well? Management Research Review, 35 (8), 693-708.

Das, P., & Rao, S. (2013). Performance evaluation of socially responsible mutual funds using style analysis. Social Responsibility Journal, 9 (1), 109-123.

Dravenstott, J., & Chieffe, N. (2011). Corporate social responsibility: Should I invest for it or against it? Journal of Investing, 20 (3), 108-117.

Gil-Bazo, J., Ruiz-Verdu, P., & Santos, A. (2010). The performance of socially responsible mutual funds: The role of fees and management companies. Journal of Business Ethics, 94 (2), 243-263.

Huang, T., & Zong, S. (2017). Stock performance of socially responsible companies. Nang Yan Business Journal, 5 (1), 1-12.

Ito, Y., Managi, S., & Matsuda, A. (2013). Performances of socially responsible investment and environmentally friendly funds. Journal of the Operational Research Society, 64 (11), 1583-1594.

Ka, P. (2010). Analysis of socially responsible investments (SRI) on the basis of global 100 ranking. e-Finance, 6 (special issue), 27-40.

Latinovic, M., & Obradovic, T. (2013). The performance of socially responsible investments. Entrepreneurial Business and Economics Review, 1 (2), 29-40.

Mill, G. (2006). The financial performance of a socially responsible investment over time and a possible link with corporate social responsibility. Journal of Business Ethics, 63 (2), 131-148.

Muise, M. (2009). Returns on investment of socially responsible firms versus non-socially responsible firms: A financial market perspective. Doctoral dissertation, Walden University.

Oppong, S. (2014). Corporate social responsibility and corporate performance: A study of the top 100 performing firms in Ghana. Journal of Contemporary Research in Management, 9 (2), 23-33.

Revelli, C., & Viviani, J. (2013). The link between SRI and financial performance: Effects and moderators. Management International, 17(2), 105-122.

Rodriguez, J. (2010). The performance of socially responsible mutual funds: a volatility-match approach. Review of Accounting and Finance, 9 (2), 180-188.

Sanker, A., & Wadhwani, U. (2012). Stock market returns of 100 most socially responsible corporations in USA and their benchmark indices. Journal of Contemporary Research in Management, 7 (2), 1-10.

Stanley, S. (2011). A correlational study examining the relationship between social responsibility and financial performance. Doctoral dissertation, Walden University.

Utz, S., & Wimmer, M. (2014). Are they any good at all? A financial and ethical analysis of socially responsible mutual funds. Journal of Asset Management, 15 (1), 72-82.

Van de Velde, E., Vermeir, W., & Corten, F. (2005). Finance and accounting: Corporate social responsibility and financial performance. Corporate Governance, 5 (3), 129-138.

Vollono, R. (2010). Doing well by doing good: The empirical relationship between corporate social responsibility and financial performance, Master dissertation, Georgetown University.

Determining if there is a Relationship between How Much Time a Faculty Member Spends Assessing Student Assignments and Final Grades at a Rural University: A One Year Analysis

Gary F. Keller, Ph.D. College of Business Eastern Oregon University, LaGrande, OR

Allen Klingenberg, Ph.D. Department of Mathematics Carthage College, Kenosha, WI

Abstract This research paper is an extension of a previous study that evaluated if there were statistically significant relationships between the amount of time students spent on course assignments and final course grades. The focus of this exploratory investigation was to ascertain if there were statistically significant associations between the amount of time a faculty member spent reading, assessing and grading student assignments and the final grade given. In this investigation the researcher utilized data recorded from the University’s Canvas Learning Management System (LMS) regarding his total activity time spent evaluating student assignments for the same 11 courses (5 face-to-face, 6 online) taught by this researcher during the 2018 academic year. The total student population consisted of 308 students enrolled in a small, liberal arts, rural public university located in the Pacific Northwest. Four main discoveries were derived from this exploratory research investigation; a) data derived from this study supports the premise that when a faculty member allocates more time to carefully review student assignments, greater grade variations occur with a Chi-Square of 289.5 significant at the .005 level; b) statistically significant differences were found between the instructor’s total activity time spent in the Learning Management System and grades assigned to undergraduate male and female students enrolled in Principles of Management courses taught by the faculty member, with a Chi- Square of 56.7 significant at the .05 level; c) no statistically significant difference was found between the instructor’s total activity time spent in the Learning Management System and course grades of Masters degree students enrolled in face to face and online courses and d) a statistical significant relationship was found between the instructor’s total activity time spent in the Learning Management System and course grades of students enrolled in face to face courses taught by the faculty member, with a Chi-Square of 26.89 significant at the .05 level. Two suggestions for future research on this topic are suggested; more research needs to be conducted on how much time faculty spend evaluating student assignments and expanding the number of subjects in the research population (faculty and students) that can enlarge the amount and diversity of courses and disciplines observed to create a baseline from which further research can be conducted and perhaps drive improvements regarding student study and faculty grading methodologies. Background to the Problem/Opportunity

Learning Management Systems (LMSs) are defined as “web-based technology which assists in the planning, distribution and evaluation of a specific learning process” (Asiri & Mahmud, 2012, p. 126 as cited in Christeny, 2013).The Educause Center for Analysis and Research claims that in 2014, 99% of colleges and universities used an LMS, 85% of faculty used a LMS and 83% of students used a LMS (Brown, Millichap & Dehoney, 2015). The widespread use of LMSs, to a large degree precipitated by the advent of online degree programs, revolutionized the manner in which faculty and students interact. LMSs also represent a significant financial and continuous training investment for higher education prompting a need for careful appraisal when renewing or adopting a new LMS (Machajewski, Steffen, Romero & Romero, 2019). LMSs also provide a rich source of information (although some consider an LMS as a “transactional warehouse” (Brozina & Knight, 2015) for faculty and administrators to not only evaluate student performance but also assess how much time students spend in courses and determine if learning outcomes are being accomplished. Evaluating to what extent a student has reached various learning outcomes is a continuous pursuit driven not only by institutional and accreditation requirements but most importantly by the faculty member teaching the course. Trying to establish how much effort a student dedicates to their assignments and calculating if there were relevant relationships between a student’s total activity time (TAT) spent on a course LMS and the grade they earned was the focus of this faculty member’s previous study Comparing the Total Activity Rates and Final Grades of College of Business Students at a Rural University - A One Year Analysis. One variable of the research not explored in that inquiry was the time that a faculty member spends reading and grading student assignments and if a faculty member’s total activity time on a course LMS may affect student grades.

Literature Review

Three scholarly domains were examined concerning this exploratory research topic. A gap in the literature exists in the space of evaluating faculty member TAT on an LMS and the effect it may have on student grading. A similar literature gap was uncovered by this researcher in his previous exploratory research investigating student TAT on an LMS and the effect on grades. The first domain surveyed was the value of the existing university student grading system. A mismatch of expectations appeared between students and faculty regarding the value and outcomes of the ubiquitous A-F assignment/exam grading scheme. Stamm (2013) cited studies that indicated students attributed more value to grades as an end in themselves than faculty feedback. Faculty involved in the study believed the reverse. The misperceptions of the meaning/utility of grading has inadvertently created an academic ratio analysis approach to course work. Nilson (2015) observed that academia has not formalized a consistent way to evaluate the product of a grading system essentially transforming higher education into becoming a cost/benefit calculation in which students gauge how to obtain the highest grades by putting in the least amount of time and effort. Faculty also support the ratio analysis ideology by utilizing not only the omnipresent A-F grading structure but also relying on grading rubrics which contributes to a nearly exclusive use of analytical student performance measurements. When one adds the need for faculty members to secure favorable post course student ratings (Findlay, 2010) the present grading structure creates an unintended reciprocal relationship between faculty and students. A second scholarly realm concentrated on how faculty members utilize their time. LMSs provide data on the TAT students and faculty spend when utilizing them. Clearly faculty members spend many unrecorded hours reading, grading assignments, communicating with students, etc. However, in this research realm, several studies provide fascinating insights, connections and benchmarks regarding faculty LMS, TAT, and student grades. Kreuter (2013) estimated that during a faculty member’s estimated 60 hours work week, the amount of time spent grading each student’s assignment was 16.03 minutes per week per student (unclear if graduate students were calculated in the estimate) not including relatively minor assignments, final portfolio review or final exams. Morrison (2015) investigated how much time it takes faculty members to develop and facilitate online courses. While the faculty members’ learning curve for producing, creating and utilizing an online course diminished with more frequent use, the time needed to grade online assignments enlarged from the first to the third time he/she taught the course. Finally, a study by Mandernach and Holbeck (2016) found that faculty members spend 12.69 hours per week per online course (average class size of 22 students). The third scholarly field involved predictive relationships between faculty and student engagement and grades. There is a scarcity of research in the aforementioned interest areas leading to the conclusion of a literature gap. Nonis, Relyea, and Hudson (2007) observed that students’ study time and its connection to academic performance was “limited at best” (p. 18). In a follow-up examination Nonis and Hudson (2010) revealed several unanticipated results regarding the connection between study habits and grades. Nonis and Hudson concluded that the quantity of time influenced performance; however, the nature of the students’ study habits (quality) played a key role in shaping grade quality. Cherng-Jyh and Abdous (2012) conducted studies to establish if there were three predictive relationships between faculty and students (faculty engagement, learner satisfaction and outcomes) across multiple learning delivery modes (face to face, satellite broadcasting and live video-streaming). Among the research results it was determined that “an increase in the faculty engagement score was accompanied by an increased probability of obtaining a better course final grade” (p. 74). Furthermore, an exploration study conducted by Keller (2020) supported Nonis, Relyea and Hudson’s general findings as it was determined that there was no statistically significant relationship found between the TAT (in hours) spent by students and their course grades regardless of modality. Two main observations were derived from the scholarly domains pertaining to the relationship between faculty member TAT on an LMS and its effect on student grading. Dwivdei, Bobek and Sternad Zabukovsek (2019) asserted that in their study of Indian postgraduate students’ time spent online was directly related to the faculty member’s online time and speed to reply to students’ questions. However, the connection between faculty TAT and grades was not made. This outcome as well as the other research investigations found in the scholarly literature search revealed a significant gap in this scholarly domain. Absent in the scholarly literature is a meaningful evaluation of the outcomes of student and faculty member LMS TAT (Bedi & Land, 2007; Campebell, 2007; MacFadeyen & Dawson, 2010 as cited in Stamm (2013). The current literature revealed; a) the averages of how much time faculty members spend grading student assignments and facilitating online coursework and b) students attribute more value to grades as an end in themselves. However, absent in the scholarly literature is an exploration into the consequences of faculty members’ Total Activity Time (TAT) and what if any influence it may have on the assignment of final grades.

Research Goals

The chief goal of this exploratory research project was to ascertain if there was a relationship between the TAT a faculty member spent facilitating online courses and the final course grade of students enrolled in courses taught by this faculty member during 2018. Secondary research goals were: a) to determine if there were statistically significant differences between the TAT a faculty member spent facilitating courses and the final course grades for students enrolled in online and face to face courses; b) to what extent did differences exist between the TAT a faculty member spent facilitating online courses and final course grades of males and females; c) to what extent did differences exist between the TAT a faculty member spent facilitating online and face to face undergraduate and graduate courses and final course grades.

Subject Population

This investigation encompassed 11 College of Business courses (5 face-to-face, 6 online) taught by this researcher at in a small, liberal arts, rural public university located in the Pacific Northwest during 2018 (Winter 2018 – Fall 2018). The total population consisted of 308 students (139 males - 46%, 169 females - 54%). Of the 308 students 70 (22%) participated in face-to-face undergraduate courses; 9 (3%) were enrolled in a face to face MBA course; 217 (71%) students were listed in undergraduate online courses; and 12 (4%) were registered in an online MBA course. Course assignments were composed of quizzes, discussions, essays and a final “capstone” assignment. Data for this research was derived from the University’s Canvas Learning Management System (LMS). The Canvas LMS tracks the amount of time whenever a student signs on to the course. Individual and final course grades are also recorded in the LMS. The University utilizes a quarter course scheduling system; each term is composed of 10 weeks of instruction and one week allocated for final exams.

Limitations

There were three major limitations to this study. The first constraint is that gender was assumed based on interpersonal interactions as participants did not self-report their gender. Gender was assumed based on personal interactions and presentations. Gender for online students was grounded on commonly accepted name conventions. However; if gender identity was not clear from interactions or easily recognized from the individual’s name, the participant’s data was excluded from the analysis. The second restraint was the size of the subject population. The study involved only courses taught by this researcher during one calendar year and as a result did not include a representative sample of the entire student population of the University or College of Business. A third restraint was class size, mix of types of assignments (example an automatically graded quiz, discussions, etc.) and level (undergraduate compared to graduate level) influenced the faculty member’s TAT. Some courses such as the BA 321 online courses had more quizzes and discussions than their face-to-face counterparts requiring the instructor to spend less TAT. TAT does not accurately capture the instructor’s time spent offline reading and grading essays. Nonetheless, time spent as recorded by the LMS served as a proxy for TAT the instructor dedicated to course work.

Methodology

The principle problem addressed in this exploratory research study was to determine if there was a relationship between the total activity time the instructor devoted to assessing student performance and the final course grades given to students enrolled in courses taught by this researcher during 2018. Secondary research goals included: a) to ascertain if there were variances between the instructor’s total activity time and grades given to females and males; b) were there discrepancies between the instructor’s total activity time and grades assigned to face to face and online students; c) were there disparities between the faculty member’s total activity time and grades and undergraduate and grade courses. In this study, the type of data about the gender, time apportioned by the instructor and course grades were extracted from the University’s Learning Management System (LMS), Canvas. This investigation encompassed 11 College of Business courses (5 face-to-face, 6 online) taught by this researcher at a rural university during 2018 (Winter 2018 – Fall 2018). The total population consisted of 308 students (139 males - 46%, 169 females -54%). Data about the instructor’s TAT for 18 courses taught in 2018 are presented in Table 1.

Table 1: Instructor’s TAT Information for 2018 Courses Taught N = 18 courses Average hours per class 21 Average hours per undergraduate class 18 Average hours per graduate class 47 Average hours per face to face class 30 Average hours per online class 18 Average hours per undergraduate face to face 26 class Average hours per undergraduate online class 16 Average hours per graduate face to face class 50 Average hours per graduate online class 42 Average minutes spent grading each student’s 16 assignment per week per student (Kreuter (2013) Average hours spent grading each student’s 5 assignment per week Average hours spent grading each student’s 50 assignment per week x 10 weeks

Below are seven research questions that guided this part of the study. The data were analyzed using statistical tests and significance levels noted within each data table to determine the significance for each research question. The main research questions for this exploratory research were:

Research Questions

RQ 1: To what extent are there statistically significant differences between the total activity time the instructor spent in the Learning Management System and course grades of undergraduate students enrolled in face to face and online courses taught by the faculty member?

RQ 2: To what extent are there statistically significant differences between the total activity time the instructor spent in the Learning Management System and course grades of students enrolled in online courses taught by the faculty member?

RQ 3: To what extent are there statistically significant differences between the instructor’s total activity time spent in the Learning Management System and course grades of undergraduate students enrolled in face to face courses taught by the faculty member?

RQ 4: To what extent are there statistically significant differences between the instructor’s total activity time spent in the Learning Management System and course grades of Masters students enrolled in face to face and online students courses taught by the faculty member?

RQ 5: To what extent are there statistically significant differences between the instructor’s total activity time spent in the Learning Management System and course grades of face-to face Principles of Management (undergraduate) students when the instructor spent more than 30 hours and less than 22 hours?

RQ 6: To what extent are there statistically significant differences between the instructor’s total activity time the instructor spent in the Learning Management System and course grades of male and female students enrolled in Principles of Management (undergraduate students) courses taught by the faculty member?

RQ 7: To what extent are there statistically significant differences between the instructor’s total activity time spent in the Learning Management System and course grades of male and female undergraduate students enrolled in courses taught by the faculty member?

Results and Findings

RQ 1: To what extent are there statistically significant differences between the total activity time the instructor spent in the Learning Management System and course grades of undergraduate students enrolled in face to face and online courses taught by the faculty member?

Table 2: Relationship of Instructor’s Total Activity Time to Course Grade for Undergraduates

Chi-Square Test N=266 266 undergraduates Chi-Square Critical 116, p value at .005 level Chi-Square of 289.5 found

Result: Statistically significant relationship found between instructor’s total activity time (in hours) and final course grade (A, B, C, D, F) for undergraduate students enrolled in face-to-face and online courses.

RQ 2: To what extent are there statistically significant differences between the total activity time the instructor spent in the Learning Management System and course grades of undergraduate students enrolled in online courses taught by the faculty member?

Table 3: Differences of Course Grades Between Instructor’s Total Activity Time and Course Grades of Undergraduate Online Students

Chi-Square Test N=188 188 undergraduates Chi-Square Critical 55.8, p value at .05 level Chi-Square of 56.7 found, p value below .05 level

Result: Statistically significance differences found between the instructor’s total activity time the instructor spent in the Learning Management System and course grades of undergraduate students enrolled in online courses taught by the faculty member.

RQ 3: To what extent are there statistically significant differences between the instructor’s total activity time spent in the Learning Management System and course grades of undergraduate students enrolled in face to face courses taught by the faculty member?

Table 4: Differences of Course Grades Between Instructor’s Total Activity Time and Face-to-Face Students

Chi-Square Test N=118 118 undergraduates Chi-Square Critical 43.8, p value at .05 level Chi-Square of 27.38 found

Result: No statistical significant relationship found between the instructor’s total activity time spent in the Learning Management System and course grades of students enrolled face to face courses taught by the faculty member.

RQ 4: To what extent are there statistically significant differences between the instructor’s total activity time spent in the Learning Management System and course grades of Masters students enrolled in face to face and online students courses taught by the faculty member?

Table 5: Differences Between Instructor’s Total Activity Time and Course Grades of Masters Students

Chi-Square Test N=21 9 face to face – 12 online Chi-Square Critical 16.92, p value at .05 level Chi-Square of 4.27 found

Result: No statistically significant differences found between the instructor’s total activity time spent in the Learning Management System and course grades of Masters students enrolled in face to face and online courses taught by the faculty member.

RQ 5: To what extent are there statistically significant differences between the instructor’s total activity time spent in the Learning Management System and course grades of face-to face Principles of Management (undergraduate) students when the instructor spent more than 30 hours and less than 22 hours?

Table 6: Differences Between Instructor’s Total Activity Time and Course Grades of Principles of Management Students When Instructor Spent More than 30 Hours and Less Than 22 hours.

Chi-Square Test N=79 79 undergraduates Chi-Square Critical 24.996, p value at .05 level Chi-Square of 26.89 found

Result: Statistical significance found at .05 level for Principles of Management undergraduate face-to-face students’ grades when instructor spent more than 30 hours compared to when instructor spent less than 22 hours.

RQ 6: To what extent are there statistically significant differences between the instructor’s total activity time the instructor spent in the Learning Management System and course grades of male and female students enrolled in Principles of Management (undergraduate students) courses taught by the faculty member?

Table 7: Differences Between Instructor’s Total Activity Time and Course Grades of Males and Females Enrolled in Principles of Management Students Taught by the Faculty Member

Chi-Square Test N= 178 83 males - 47%, 95 females -53%

Chi-Square Critical 35.03, p value at .10 level Chi-Square of 35.93 found

Result: Statistical significance found at the .10 level.

RQ 7: To what extent are there statistically significant differences between the instructor’s total activity time spent in the Learning Management System and course grades of male and female undergraduate students enrolled in courses taught by the faculty member?

Table 8: Differences Between Instructor’s Total Activity Time and Course Grades of Male and Female Undergraduate Students

Chi-Square Test N=287 126 undergraduate males 161 undergraduate females Chi-Square Critical 32, p value at .01 level Chi-Square of 33.3 found

Result: Statistical significance found between the instructor’s total activity time spent in the Learning Management System and grades of undergraduate male and female students enrolled in courses taught by the faculty member.

Conclusion

Statistically significant findings were discovered for five (71%) of the seven research questions indicating that the total activity time the instructor spent in the Learning Management System had an effect on students grades regardless of modality. A brief discussion regarding these findings and two secondary problems addressed in this exploratory research study are described below. The primary research matter was to determine if there was a relationship between the instructor’s total activity time devoted to assessing student performance and the final course grades given to students enrolled in courses taught by this instructor during 2018. RQs 1, 2,5,6 addressed the main focus of the study and concluded that statistically significant relationships between the instructor’s total activity time on the LMS resulted in differences in students ‘course grades. Data derived from the data analysis supports the premise that when a faculty member allocates more time to carefully review student assignments, greater grade variations occur. One of the secondary research goals investigated was to ascertain if variances existed between the instructor’s total activity time and grades given to females and males (RQ 7). It was found that there were statistically significant differences found between the instructor’s total activity time spent in the Learning Management System and grades assigned to undergraduate male and female students enrolled in BA 321 Principles of Management courses taught by the faculty member. This finding can be attributed to several factors. BA 321 Principles of Management is a course required of all undergraduate business students. Nine (50%) of the 18 courses taught by this instructor during 2018 were BA 321 Principles of Management courses (3 – 33% face to face, 6 (66% online) involving 179 students or 58% of the total number of students taught by the faculty member that year. Two explanation may account for the disparity in grades between males and females. In a previous investigation by this researcher (Keller, 2020) the amount of time female students invested in their studies surpassed that of their male counterparts. The findings in this study supported the notion that more time allocated to quality work resulted in higher grades. Another reason that may account for female/male grade disparities could be due to the disparity of the number of females/males enrolled in the nine courses (females – 96 (54%), males 83(46%), by modality the differences are quite revealing (face to face courses females 25 (24%) compared to males 32 (56%) – online (females 96 (54%) contrasted by males 51 (42%). A third finding of RQ 4 was there was no statistically significant differences found between the instructor’s total activity time spent in the Learning Management System and course grades of Masters degree students enrolled in face to face and online courses taught by the faculty member. This conclusion is not surprising given the small sample size composed of 2 (11%) of the courses taught by this researcher in 2018. The two Masters courses were comprised of 21 students (7% of the total student population of 308), 9 were enrolled in a face to face course whereas 12 were enrolled in the online version. Additionally, the results of RQ 4 findings were consistent with findings from the research study noted above showing that Masters degree students (regardless of modality) dedicated the same amount of time to their studies. Given the small size and near parity of class size, it is reasonable to conclude that few if any differences would be expected. A fourth finding derived from RQ 3 demonstrated that there was no statistical significant relationship found between the instructor’s total activity time spent in the Learning Management System and course grades of students enrolled face to face courses taught by the faculty member. This researcher spent on average 26 hours evaluating assignments from face to face undergraduate courses and 50 hours for graduate courses. The result found in RQ 3 is consistent with the Keller (2019) study that found there was no statistically significant relationship found between students’ total activity time (in hours) and final course grade. While the disparity in hours spent evaluating student assignments reflects differing degrees of academic levels, assignment difficulty, nature of assignments, etc. the average amount of time devoted by this instructor did not skew the allocated grades.

Future Research Two suggestions for future research on this topic are suggested. The first is for more research to be conducted on how much time faculty spend evaluating student assignments. A literature gap was noted in this investigation. While an anecdotal average of time calculation for reading/grading assignments was located, it was not based on reliable data. Clearly, LMSs provide accurate and readily available data for further analysis. A second recommendation is to expand the number of subjects in the research population (faculty and students) that can enlarge the amount and diversity of courses and disciplines observed to create a baseline from which further research can be conducted and perhaps drive improvements regarding study and grading methodologies.

References

Brozina, C. & Knight, D. (2015). Learning management systems: What more can we know? Proceedings of the ASEE Annual Conference & Exposition. 2015, 1-14.

Brown, M., Millichap N. & Dehoney, J. (2015). What's next for the LMS? Retrieved from https://er.educause.edu/articles/2015/6/whats-next-for-the-lms

Cherng-Jyh Yen, & Abdous, M. (2012). A study of the predictive relationships between faculty engagement, learner satisfaction and outcomes in multiple learning delivery modes. International Journal of Distance Education Technologies, 10(1), 74–87. https://doi-org.access.library.eou.edu/10.4018/jdet.2012010105

Dwivedi, P., Bobek, S. and Sternad Zabukovsek, S. (2019). Factors affecting students' engagement with online content in blended learning, 48(7), 1500-1515.

Findlay, S. (2010). The decline of studying. Maclean’s, 123(35), 68–69. Retrieved from http://search.ebscohost.com.access.library.eou.edu/login.aspx?direct=true&db=bth&AN=53464722&site=eho st-live

Gary, C. Y. (2013). Students’ perceptions of faculty usage of learning management systems. Review of Management Innovation & Creativity, 6(20), 61–69.

Keller, G.F. (2020). Comparing the total activity rates and grade outcomes of students at a rural university: A one year analysis. Journal of Business Management & Change, ISSN 1937-6839. Spring 2020.

Kreuter, N. (2013). The math doesn’t work. Retrieved from: https://www.insidehighered.com/advice/2013/04/22/essay-hours-faculty-members-work-each-day

Machajewski, S., Steffen, A. Romero, F. & Romero, E. (2019). Patterns in faculty learning management system use. TechTrends: Linking Research & Practice to Improve Learning; 63(5), 543-549.

Mandernach, B. J., Holbeck, R. (2016). Teaching online: Where do faculty spend their time? Retrieved from: https://eric.ed.gov/?id=EJ1124530

Morrison, D. (2015). Does it take more or less time to facilitate and develop an online course? Finally, some answers. Retrieved from: https://onlinelearninginsights.wordpress.com/2015/05/08/does-it-take-more- or-less-time-to-facilitate-and-develop-an-online-course-finally-some-answers/

Nilson, L. (2015). The need for a new grading system. Retrieved from: https://tomprof.stanford.edu/posting/1443

Nonis, S. A., Relyea, C., & Hudson, G. I. (2007). An exploratory investigation of the impact study time and study habits have on academic performance of college students. AMA Winter Educators’ Conference Proceedings, 18, 18–19. Retrieved from http://search.ebscohost.com.access.library.eou.edu/login.aspx?direct=true&db=bth&AN=32571600&site=eho st-live

Nonis, S., & Hudson, G. (2010). Performance of college students: Impact of study time and study habits. Journal of Education for Business, 85(4), 229–238. https://doi- org.access.library.eou.edu/10.1080/08832320903449550

Stamm, R.L. (2013). An examination of faculty and student online activity: Predictive relationships of student academic success in a learning management system (LMS). Idaho State University. Retrieved from: https://search.proquest.com/openview/ec079faaf7e2c19726ebe76af1499245/1?pq- origsite=gscholar&cbl=18750&diss=y

Cybersecurity, Ethics, best Practices, & Risk Management in Small Businesses and New Ventures: A Research Review, Organization & Management

Dr. Sumeet Jhamb, Ph.D. University of Alaska Anchorage

Agnes Tobey University of Alaska Anchorage

Abstract

Most small businesses and new venture startups today face significant cyber-attack threats. The quick jump in the innovative mastery all over the globe is described with the upgrade of cyber-attacks. The cyber vulnerabilities related to the mechanical rise ordinarily focus on the business organizations and, at the same time, empowers the mindfulness about the conceivable working standards of these potential causes of cyber-attacks. Besides, if the cyber insusceptibility measures are impressively disregarded, this will, at the same time, influence the few functional units of a business association. The potential virtual hackers look for access to the secret data of the client by utilizing a few debase implies. This investigation will likely address the potential dangers that can be brought about by the few cyber-attacks. This research review describes the possible methods for managing effectively the possibility of cyber-attacks on small businesses. The document shall also discuss the best ethical practices in combating the menace. Moreover, this examination is devoted to addressing the potential parts of alleviating this growing issue of cyber risk management. This exhaustive similarity may locate its utility as it represents an installed purpose to improve the hierarchical exhibition. As there exists a sheer plausibility for the virtual hackers to control the access to information that may disturb the consistency of authoritative workforce, it very well may be referred to as an accessible archive in the hierarchical point of view since it is resolved to cook the target of a particular venture indisputably.

Keywords: Cyber-Attacks, Cybersecurity, Ethics, Internet, Righteousness Theory

Introduction

The increasing use of internet for small businesses and personal purposes has become the foundation of improvement in the world today. In most activities in organizations today, such as data research, financing, and social registering, shows how businesses rely on the internet. Companies use the internet, data, and innovation to carry out online transactions and other business functions. Currently, over 80% of business transactions and exchanges are undertaken through the internet. Therefore, since businesses rely on the internet for a variety of functions, there is a need to have top-notch security for safe transactions. The issue of cybersecurity covers a broad perspective, including the security of IT frameworks and advanced systems that businesses rely on. Cybersecurity is a function of data innovation. It is essential to improve data security in companies and states since it is not only suitable for companies but also financial well-being (Ben-Asher and Gonzalez, 2018). Today, society has become a fundamental subject to cyber frameworks through social practices such as finance, commerce, national security, vitality, and medical services. Recent research discoveries established that there is a dire need to protect and expand data protection networks now than never before. Internet users are becoming cautious of exposing their data on the internet, especially when required to disclose personal data. There is no substantial justification for holding people’s data on the web. Exploration of such similitudes concerned with cybersecurity may help improve the conversation around cybersecurity in several ways (Waltermire & Perper, 2019). For instance, the public shall gain a clear comprehension of the implications of information and ideas that we have transferred from spaces to cybersecurity areas. Also, it will help us to evaluate creative analytics and arrangements to cub cybersecurity. The techniques that will prove to be useful will be changed into entirely new models or sets of concepts for shaping cybersecurity matters. Additionally, it will make more explicit the dynamics and ideas about cybersecurity in ways that standard members of the population will understand. Cybersecurity considers that businesses and individuals make decisions, set them up, and store them on the internet. Also, comprehensive cybersecurity protects both programs and equipment. It covers assets and personal data from access via technological techniques. If we expect different results on matters of cybersecurity, it is high time we considered taking various means. The issue may not be fixed by introducing more innovation. Top business administrators and the information technology experts must combine their efforts to create a way out of cyber threats.

Cyber Security and Risk Management

Right now, of the headway of mechanical ability, the virtual space has gotten an indispensable accomplice to adapt up to. To react to this expanding client access of virtual interface with an objective of improving the trading of administrations and data, clients and external servers began to appreciate many open doors in the cost of an ostensible consumption (Waltermire & Perper, 2019). On that note, it can likewise be tended to that the danger of cybersecurity has raised itself to the status of principal significance since this fast jump of mechanical skill and flawlessness empowers them with simpler intends to seek after their rebel purposes. This headway has encouraged the programmers alongside other cyber interlopers to break the firewalls and other virtual insusceptibility frameworks effortlessly. In some cases, they have had the option to convince the affected business or individual to disclose their private data while enticing them with modest individual favors. Sending messages and a few different connections to objective prey is a standard procedure to achieve this defile quest for the cyber interlopers. This connection, for the most part, accompanies the supplication to select for the proposed educational program with appealing guarantees of individual benefit. At whatever point the prey client has chosen with their own and classified subtleties, the entirety of this uncovered data has been repeated or diverted on an outsider website page (Ben-Asher and Gonzalez, 2018). The programmers or the virtual hackers, therefore, appreciate the entrance of the target clients and, in the long run, get hold of the banking and other money-related subtleties. This is a typical method to gain access to the detailed intricacies, which they subsequently endeavor to have their benefit. This can be referred to as one of the regular statements of cyber risk, and this accusing can be supported as a fundamental abhorrence that innately lies right now interface. This is the simple idea about the observational area of cyber risk, and all the clients need to define pompous mindfulness about this to support the classification of their subtleties and subtleties of their money related statuses (Jabee and Alam, 2019).

Overview of Cyber Risks and Small Business Foundations

For us to understand the subject better, it is critical to explore this proclivity of virtual weakness as a quick result of this fast jump in innovative ability by which this age is typically characterized. Programmers and a few other cybercriminals misuse this inadequacy of reasonable security include that it can be portrayed as the defile maltreatment of these inherent vulnerabilities. The various sorts of Cyber risks can be shown as follows: Malware-Malware can be described as the composed combination of different kinds of cyber and virtual hazards and for the most part, comprises of Trojan and other indistinguishable viruses. It tends to be delineated as the methodically conceived code of guidance that normally concocts the rebel purpose to hack the safe arrangement of private data. Moreover, it holds the possibility to crush the whole mechanism of data. Malware generally shows up in the virtual situation combined with the connections that contain vindictive messages, and the subsequent download of the appended associations may proclaim the issues related to weakness (Churches, Bennett Moses & Zalnieriute, 2019). Phishing attacks-These sorts of aggressors, as a rule, request a robust measurement of data from a remote specialist. Besides, some of the time, it accompanies a solicitation to try out a given connection that has been supplied with the past link. On that note, what can be filled in as a solid file of virtual interruption where a portion of the connections request individual and secret data. As of late, this product has changed itself into a progressively refined and exquisite variant where it urges the client to divert to a third interface, and the divine hackers empower them to take the accessible data of the remote servers and the clients. In this way, it has gotten more straightforward and convenient for the programmer to administrate their evil plan (Churches, Bennett Moses & Zalnieriute, 2019). Password attacks - This kind of attack is usually portrayed by the goal of the interloper to break the forced secret word of the client just by starting access to the client's framework. This kind of aggressor ordinarily doesn't fuse any kind of debase directions and codes. Also, it doesn't misuse any product to proceed with their goals. Right now, it is typically managing a one of a kind programming that is staunchly coordinated with the secret phrase of the prey client. It, for the most part, breaks the forced secret key to the arrangement of the client. There are some particular applications related to the program that can start the beast's power attack. This kind of programming is typically concocted and told to split the secret word of the objective client (Churches, Bennett Moses & Zalnieriute, 2019). DoS - This kind of aggressor, for the most part, grants intensity to clutter the standards of a one of a kind system. Logically, the technique for forcing Dos attacks is exceptional as far as an application since the hackers transmit a significant volume of system signals. It is proposed to block the traffic of the system by over-burdening it. This sort of attack is impressively the most widely recognized type of cyber dangers since it revels the client to defeat the blockage of the system forced by the virtual interloper. Meanwhile, the programmer utilizes different methods to procure access to the saved data. MITM attack-MITM represents Man in the Middle, where the aggressor is expected to mimic the various end hubs in a particular interface of administrations and data trade. These kinds of attacks are generally described and found in the banking and money related parts and inclined to address the interface of online exchange. As a rule, this sort of attack earned it access through a non-illusive remote access hub. Since they appreciate this office of shared trade in the interface, they have encouraged the entrance to all the related measurements of data possessed by the client (Šendelj, Lombardi, Ognjanović, and Guarino, 2018). Malvertising-In malvertising, the virtual hacker, authorizes the client to compromise with the fixed workstations while joining a few guidelines of rebel purpose. This perniciousness is inclined to happen at whatever point the client is urged to download some suspicious file of commercial. These have been a typical practice for the potential interlopers to transfer suspicious and malevolent substances in the divine interface to interest the clients and to access their information illegally. Tapping on that infectious connection would divert the client to a different outsider interface and snatch the private data over yonder. This can be delineated as a procedure of virtual commandeer and the taken data as a payoff to accomplish the required cybersecurity objective (Vitunskaite, He, Brandstetter & Janicke, 2019). Eavesdropping - This can be outlined as a virtual mode catching where the potential interloper is inclined to hear some out private trades illicitly. Eavesdropping is generally polished among the differing and shared hosts of a specific system. This isn't an extreme sort of virtual risk and can be settled by following some straightforward measures (Vitunskaite, He, Brandstetter & Janicke, 2019). Clickjacking - This kind of aggressor, for the most part, focus on the virtual interface generally utilized by the client using some malevolent heavenly directions as secret codes. Diving profound, this procedure usually is portrayed as a shameful move from the programmer's site that utilizes an underhanded move and makes the client click on a suspicious catch. That catch is additionally molded to divert the particular client to another site page. These kinds of attackers can likewise be outlined as the potential ruffians who are inclined to take some critical data from the system of the client (Vitunskaite, He, Brandstetter & Janicke, 2019).

Research Questions

R1: Have cybersecurity and cyber risks significantly influenced and transformed the operations of small businesses and new venture startups from a phenomenological research standpoint? If yes, will this phenomenon continue to be the real trend in the near future? R2: Will promoting cybersecurity ethics and best practices be significantly beneficially essential and critical in positively furthering and bettering the business operations of small businesses and new venture startups and multifaceted interactions between businesses and systems? R3: Will descriptive and interpretive phenomenological research designs be significantly and considerably influential and positively constructive in understanding and determining the effects of cybersecurity management on small businesses and new venture startups?

Historical Perspectives, Theoretical Considerations, Background, and Literature Review

The controversial issue of cybersecurity has been here for over 50 years now. The first cybersecurity issue was undertaken in 1968, and it was widely referred to as the capture of the East German government. In 1983, secondary school students hacked unclassified military systems and accessed vital national security data. The students' group named itself the 414s. Ten years later, the main concerns on cybersecurity emerged in Estonia, and the nation was forced to convene a national security circumstance. Today, cybersecurity has become a regular exercise that affects small and large corporations as well as individuals. Hackers use news that reports spam, cyber undercover articles, scholarly articles, and tricks to get into people’s or businesses’ sensitive data. These simple activities with hidden meanings have made the issue more pertinent and increasingly significant. Therefore, it is not realistic to treat cybersecurity as a simple issue of boosting personal security or securing a business because it deals with a broader security space of a state, society, and the economy. Cybersecurity is not about what we consider essential to our everyday life. We need to focus further on the legislature and other unmistakable entertainers. According to Tomlins (2019), the change in political articulation on matters of cybersecurity issues makes it hard to address cybersecurity issues. Researchers have looked deeper into such issues in an attempt to find a lasting solution. This paper shall focus on two comprehensive perspectives of cybersecurity: cybersecurity itself as a subject and cyber securitization. The two factors have strongly interconnected and play a critical role in educating the contemporary conversation of ideas. The issue of cybersecurity can be characterized as about insecurity carried out in cyberspace and the acts of making it progressively secure. This explanation, therefore, endeavors to display that cybersecurity is not just a specific issue that is associated with software engineering or advanced data innovation. Instead, it is a concept with cybersecurity-related numerous problems that have been talked about of late. Generally, cybersecurity is a vast subject with complex issues. The functional aspect of cybersecurity is about the issue of viruses of various bugs. Wrongdoing undercover work focuses on the evil actions of computerized hackers and cyber evildoers. The military-common guard is concerned with the subject of cyber clashes as well as the crucial framework security. This classification was developed based on dangerous sources and undermine the object. A comprehension of this relationship that utilizes the securitization theory will be useful for this paper. The theory suggests that cybersecurity is a division with groupings of dangers and referent articles. Cybersecurity threats have been on a constant increase since the first occurrence. There were over 600 million new cases of malware that were detected in 2019. This represents a 42% increase from the number of cases detected in 2018. This increase further shows how the problem is becoming critical, conserving that in 2010 there were only 10 million malware cases detected on the internet. Small businesses are required to adopt technology for smooth operations, while this technology leaves them extremely vulnerable. These infections can exploit, steal, or manipulate the market or individual data. Analysts have always encouraged businesses to commit funds in acquiring a cybersecurity posture that will provide a secure layer of protection. Additionally, ransomware arose, and hackers widely used it. This is a new malware that hackers use to lock users out of their gadgets, such as computer systems. Hackers utilize this tool intending to extort money from the systems they infect. The primary targets for ransomware are personal users and hospitals. End users are the main target because they don’t have the resources and the capacity to recover appropriately from an attack or to prevent it from occurring. Hospitals are not easy targets because they are concerned with confidentiality and data integrity. End users and small businesses belong to the same category based on the capacity to protect themselves from malware. Both of these groups typically have equal cyber-security control measures. That is why these two are significant targets for malware. Recently, there has been an increase in the diversity of ransomware attacks. The rationale behind them has also expanded exponentially. Previously, most hackers were interested in blanket attacks; they aimed to access the maximum possible amounts of money in a short amount of time. Today, hackers are not involved in the capital. They are attacking specific businesses intending to get sensitive data. For instance, they target hospitals and small businesses or any other organization that cannot recover with any loss of data. This approach implies that small business owners will continue being victims of hackers who use ransomware because they may not have the capacity to rebound from the lost data. The role of technology cannot be ignored in this topic. Many areas of technology have rendered businesses and users to cyberattacks. The primary area of interest of researchers is the vulnerabilities accrue from the use of consumer electronic systems. Also, the means that business owners use to protect their data is another crucial area of interest. In an attempt to research the security measures of small businesses, researchers established that most small companies outsourced their electronic commerce web sites. A basic Google search would find the IP address and the OS of the server hosting the site, even though the function is outsourced. They also established that appropriate ports were secure in the outsourced places. However, there are no sufficient findings to ascertain how small businesses without outsourced sites handle port security and overall data protection. This flaw is enough indication that small businesses are at higher risk of data intrusion and manipulation through simple practices such as publicizing their IP address. Both the use of web technologies and the publication of IP addresses are a potential exploit to small businesses and business owners. There are three major theorized contributing factors that expose vulnerabilities in web technologies. The primary weakness is the proliferation of high-end technologies, such as Web 2.0. The second one is the sudden shift in the target of hackers. The hackers have shifted from targeting money or technology infrastructures to targeting sensitive data. Thirdly but most importantly, is the insider threat. In 2011, the minimum cost of a cyber-security breach was estimated to be $190,000, which rose to about $263,000 in 2015. Today, the same breach costs over $350,000. Cyber-terrorism is another critical form of threat that has become an issue of interest to governments and commercial entities. The danger is growing at a rapid rate such that researchers have called for a framework to establish a cyber-terrorism framework. Research has found out that governments are increasingly becoming the primary targets of cyber-attacks by terrorists. In the same way, businesses with access to government information and networks are facing an equal threat. The government is trying g to incorporate small businesses to help in conducting government work. The continued use of small businesses to accomplish government work makes this a real threat. In ten future, cyber-terrorism may continue to pose a significant threat to big and small businesses if the security techniques will not be hardened to adapt to the latest threats. Smartphones, mobile devices, and web technologies are slowly monopolizing commerce. The majority of small businesses and some medium-sized companies rely on smartphones and tablets in their activities. However, most of these businesses cannot secure their devices and exposes them to threats. Small companies do not have the financial muscles and capabilities that large corporations have to keep pace with these emerging threats. There is a need to develop more cost-effective ways to keep data safe for small businesses. The role of social media mobile devices cannot be overlooked in the matter of cybersecurity. Small businesses rely on social media for marketing and other functions such as recruiting employees and reaching out to customers. The use of social media applications provides an easy avenue for hackers to assess critical information about businesses and customers. Therefore, the use of social media is a vulnerable point of access that enterprises must protect. Primarily, companies must protect data that is transmitted and stored electronically. Another growing concern for small businesses and startups is the issue of data storage—the methods of storing and sharing data advances with the advancement in technology. The Internet of Things and embedded devices (such as microchips, actuators, and sensors), mostly share data through internet software or other communication devices. The majority of small businesses utilize most of these IoT devices. They use the tools to transmit data through the internet and other wireless technologies. Whatever the type of connection a company prefers, the data protection technique is critical. Small businesses adopt some technologies such as 4G networks assuming that they are safe. Some presume that the vendor has ensured data protection. It is the role of the small businesses to ensure that both data store and that in transit is protected and safe from malware. They must encrypt the data they store as well as that on transportation. Furthermore, the platforms used to run servers, and network devices on the network are other potential exploits. These servers have millions of lines of codes that carry inherent security vulnerabilities. Operating systems and personal computers are equally vulnerable to cyber-attacks. A cyber breach on a device or a server can take more burdensome consequences depending on the kind of data hosted or stored.

The Information Landscape of Small Businesses and New Ventures

New venture startups and small businesses have a fortune trove of data that programmers couldn't imagine anything better than to access (Mraković & Vojinović, 2019). A few organizations have a store of the client, such as credit cards and checks in their beginning time. Such data is very significant for the programmers who might need to lead the budgetary misrepresentation. Furthermore, programmers are likewise keen on taking inventive thoughts and licensed innovation that new businesses have. Terrible characters also go through the beginning's innovation framework to get into an extensive enterprise system. This is because many new companies and small businesses go about as outsider sellers to massive firms and give auxiliary administrations. The 2013 U.S Visa break that happened at Target occurred because of the vulnerabilities in the system of an outsider merchant (Medlin & Hartley, 2018). The programmers got to the internal arrangements of the Target by taking the system certifications from the outsider seller organization that was given the agreement for HVAC administrations. When the programmers fed the data into the system, they transferred malware to sales enlists within Target stores. The malware step by step spread to a large portion of the Target's retail location gadgets that, at last, prompted the robbery of upwards of 40 million Visa subtleties.

Furthermore, danger entertainers are always at work. This coincidentally implies a new company’s site, arrange, server, and so forth can be hacked any minute (Medlin & Hartley, 2018). As indicated by an examination led by Trend Micro, consistently 3.5 new cyber dangers happen (Hieb, Im & Gainous, 2019). This represents an expanded hazard to the new companies. That is so because more large organizations have made their frameworks better in terms of security while small businesses with low-security standard levels are exposed targets for the programmers. The development in the utilization of portable applications, web applications, and enormous information has expanded attack surfaces (Hieb, Im & Gainous, 2019). The vast majority of the small businesses and new businesses in the administration division, convey their items and administrations through versatile applications and web stages. Consequently, ensuring them ought to be the higher need, yet no consideration is paid by occupied businesspeople, who don't consider data to be as one of the business needs. Fourthly, small corporations, and new companies are currently shifting to web-based options because the cloud administrations are more affordable (Hieb, Im & Gainous, 2019). Nonetheless, the programmers know one or the other why dangers focusing on the cloud are presently expanding every day. According to the research conducted by McAfee Labs in 2018, they established that in the forthcoming year 2019 and the years to come, cloud dangers would increase necessarily in this manner, expanding the hazard for the new companies and small businesses. Not just these organizations are at a significant danger of information rupture, but also representatives, particularly from the top administration, are at the radar of programmers (Leaning & Averweg, 2019). A fascinating occurrence that clarifies this is the hack of the Twitter record of Hootsuite's CEO by the programmer group known as OurMine. In this case, the programmers accessed his Twitter account utilizing a side-entryway. The unfortunate casualty had empowered the Foursquare application to get to his Twitter account, a procedure referred to as "AppAuthing." The system was hacked, and a significant amount of information was altered, such as the qualification of the person in question. The hackers used his criteria to access his Twitter account and begin using it to tweet controversial information. Hacking the individual record of a person of such a stature requires plenty of needs for the programmers. Such a hack does not only expose sensitive data for the CEO but also discloses that sensitive information about the organization he is working for.

Ethics, Righteousness, and Cybersecurity in Small Businesses

For this paper, we can characterize an ethical issue as 'significant' or 'huge' when it’s related or its implications have a significant probability of having any kind of effect on specific people's lives. Also, it may be considered significant if the odds of a gathering to live well or to thrive in the public arena together are affected (Krahl, 2019). There are instances in life, regardless of whether one is disillusioned, does not change a person’s life ethically. Some advantages are too unimportant even to consider making a significant distinction in how our life goes. Additionally, morals infer personal decision; one that is done to me by a wild tiger or an electrical jolt may be extremely critical, yet won't be morally noteworthy, for it's absurd to anticipate an electrical discharge to end my life or welfare into account (Krahl, 2019). In numerous specialized settings, for example, the designing, assembling, and utilization of aviation, atomic force control structures, careful gadgets, structures, and extensions, it is straightforward to see the ethical issues that can emerge out of poor specialized decisions, and simple to see the morally critical advantages of deciding to adhere to the best-specialized initiatives we are familiar with (Krahl, 2019). These settings present apparent issues of 'decisive' by and by; guiltless individuals will kick the bucket if we ignore open welfare and act carelessly or flippantly, and individuals will, for the most part, appreciate better lives on the off chance that we subscribe to good deeds. Since taking the right decision in these settings saves and upgrades the open doors that others need to appreciate a decent life, significant specialized human actions in these settings are too moral activity (Krahl, 2019). A structural designer who determinedly or wildly disregards an extension plan particular, bringing about the following breakdown of said to connect and the passing of twelve individuals is not only terrible at their specific employment. Such an architect is likewise blameworthy of a moral disappointment—and this would be genuine regardless of whether they just so happened to be protected from legitimate, proficient, or network discipline for the breakdown. With regards to matters of cybersecurity, the advantages are no less genuine or morally noteworthy, up to and including incomprehensibly important issues (Krahl, 2019). In any case, because of the reality that cybersecurity endeavors are regularly done 'in the background,' to a great extent concealed away from clients, customers, and different clients, the moral idea matters around cybersecurity can be more earnestly to perceive. The paper tries to make these critical issues on the thing progressively noticeable.

Managing Critical Ethical Issues in Cybersecurity and The Social Media

A. HARM TO PRIVACY Today, there is plenty of information available on the internet through a pool of options. The internet has made access and storage of data more accessible and relatively cheaper. A large portion of us tries not to acknowledge that our cybersecurity activities determine the safety of our sensitive data (Kesan & Hayes, 2019). The absolute most normal cyber threats to security incorporate fraud, in which by and by recognizing data is hacked and utilized to mimic exploited people in money-generating activities. Such activities take out advances in an unfortunate casualty's name or utilizing their Visas to make unapproved buys or used for other criminal activities and purposes such as giving criminals private stolen identities. Illegal access to personal or business information can be achieved through hacking for shakedown, coercion, and different types of unscrupulous as well as unlawful control of individuals' will (Jarocki & Kettani, 2019). Security infringement of this sort is regularly used to get unfortunate casualties to damage the interests of outsiders. For instance, utilizing coercion to pressure bargained workers to deceive delicate customer data, exchange insider facts, or participate in different types of corporate or government surveillance and unfortunate behavior. The dangers of protection damage made by inadequate or deceptive cybersecurity activities are intensified further by the proceeded with the development of a disorganized worldwide information environment. This gives most people practically zero capacity to the clergyman, erase or control the capacity or arrival of their private data (Jarocki & Kettani, 2019). Just slender, provincially different, and feebly implemented arrangements of information guidelines and approaches shield us from the reputational, financial, and enthusiastic damages that arrival of delicate information into inappropriate destination can affect. Indeed, even innocent information can be manipulated through some databases to uncover personal realities (or much of the time, misrepresentations) about us. The protection of data is a comprehensive exercise that is not limited to securing our online activities. Some human body aspects, such as a facial walk or voice recognition, are used to find versatile personal information that can be used to distinguish and assemble data of a person depending on the findings from their traits. Note that security damages don't just undermine those whose critical data is legitimately presented to cyber threats. Even the individuals who attempt to live 'off the advanced network' can't keep delicate information about them from being produced and shared by their companions, family, businesses, customers, and specialist organizations (Paxton & Graves, 2019). For instance, people who try to secure their data through personal efforts and encryption of their sensitive information may be directed by their restorative supplier, where information about them might not be stored safely. In organized social orders, touchy information once in a while remains limited to the advanced setting in which it was initially made or shared. This squeezes cybersecurity experts that are progressively entrusted with the duty of providing and safeguarding data against individual and hierarchical security damages (Paxton & Graves, 2019). Since own control and regulation of sensitive information is frequently virtually unthinkable to keep up in arranged situations, particularly without the advantage of profoundly specific preparing and propelled cybersecurity apparatuses, the moral duty of forestalling hopeless protection damage falls progressively upon cybersecurity experts as opposed to the first 'proprietors' of the sensitive information. In this way, poor cybersecurity rehearses, from remiss fixing endeavors and obsolete encryption apparatuses to an absence of occurrence reaction arranging, can be something beyond inadequate. In essence, they can be untrustworthy, to the extent that they pointlessly or carelessly open others to significant individual and hierarchical security threats.

B. HARM TO PROPERTY In the sections above, we established that property could be by implication compromised by infringement of information protection, through instruments, for example, blackmail. In any case, frequently property is legitimately focused through cyber intrusions with an attempt to misuse the gadgets take significant protected security innovations to acquire sensitive information such as passwords. They can also take advantage of the opportunity to harm or demolish a person’s or business’s computerized information. (Gnatyuk & Fesenko, 2019). The inspirations for such s shift generally: such property might be directed by benefit looking for criminal ventures; by politically-roused gatherings of entertainers; operators of organization’s secret activities; antagonistic knowledge specialists of remote countries; or by the forceful driving forces of a solitary programmer or aggregate trying to illustrate their destructive power. It is essential to perceive that unapproved s to the property are, regularly, noteworthy ethical; they harm people who depend on the features to gain their selfish interests (Gnatyuk & Fesenko, 2019). It is not always that property is of intrinsic moral worth the way we perceive it seems to be. However, we often have a valid justification for believing unapproved harm to the property to be dishonest— indeed, even in situations when it isn't carefully or unequivocally disallowed by law. In a few instances, the unapproved pulverization of property may be contended by a section of people to be morally supported by a moral obligation. Indeed, in any case, cyber intrusions that target property create critical moral worries. Looking at the arrival of the Stuxnet virus, it additionally tainted a vast number of different PCs of people and associations disconnected to the Iranian atomic program (Hai-Jew, 2019). In like manner, 'hacking back' has been tested as making an inadmissible hazard to honest gatherings since its guarantee impacts are generally obscure. Since cyber-attacks regularly include 'parodying' techniques that make it simple to misidentify the framework answerable for the cyberattack. Despite the legitimacy of actions and policies taken to prevent cyberattacks, the experts entrusted with the function must be ethical. This will ensure that they secure their association with the associations' systems and their customers. Principled and ethical professionals must guide a safe property safeguarding technology that focuses on reducing the effects of interruptions and attacks.

C. CYBERSECURITY RESOURCE ALLOCATION

Resource allocation in cybersecurity is another critical unavoidably significant expense of cybersecurity. It endeavors devour significant entity and hierarchical assets: time, cash, and aptitude (Hai-Jew, 2019). They additionally force high costs on framework assets: cybersecurity endeavors can contrarily sway information stockpiling limit, arrange and download speeds, power productivity, and framework ease of use/unwavering quality. Not having robust cybersecurity quantifies set up usually forces significantly higher and increasingly inadmissible expenses. In any case, a maximally secure system, however, this is unusable, or financially impractical, can regularly not be legitimized—similarly as it would typically not be sensible or reasonable to verify a bank by boarding up and latching the entirety of the entryways. Now and again, even ease of use/item feasibility concerns can't legitimize debilitating security guidelines. If, for instance, an organization needs to make a wireless empowered connection, yet it lacks the assets essential to make that item both viable and sensibly secure from hackers, at that point, there is a solid moral contention that the organization ought not to be an active entity in producing wireless connections (Hai-Jew, 2019). A cybersecurity proficient who approved or, in any case, empowered lax security controls on such a gadget would likewise be abusing moral norms. This is basically because the individual in question would be very much aware of the unsuitable danger of grave to others that their activity makes. When considering the stake associated with correct harmony among cybersecurity features for the property, we realize that it is mostly an ethical issue (Harris, 2019). If for instance an emergency clinic organize security director gets frightened by a suspicious port output of the system and chooses to react to the conceivable risk by quickly holding another and amazingly tedious security login methodology, ignoring the center capacity and issues affecting the clients in the system, they are putting their clients’ lives in danger. Particularly in divisions where the brisk method gets to be required to utilize life-sparing prescriptions or hardware. Along these lines, the undertaking of recognizing a reasonable security and safety feature against cybersecurity attacks as well as other sorts of usefulness is mostly a moral one. Being an ethical issue, it requires us to focus on its dangers, benefits as well as qualities engaged with such a choice. Also, we need to look at the possible effect of the selection on the capacity of others so that they may have great existences.

D. TRANSPARENCY AND DISCLOSURE Transparency and disclosure are a cybersecurity issue that is concerned with activities that affect the safety of other people’s property. It looks at both our general concerns as well as constrained commitments of straightforwardness in activities. Since cybersecurity is one of the typical forms of risk management, and since those dangers altogether sway different gatherings, there is a default moral obligation to uncover those dangers when known, with the goal that those influenced can settle on informed choices (Harris, 2019). For instance, it is, for the most part, consented to be the situation that if an association finds an underlying weakness in its programming, it ought to advise its clients/customers of that revelation in a confident manner. They must be guided by the goal that they can introduce a fix (if accessible) or take other protective measures. However, by and large, the proper mode and degree of the revelation, and what considers an 'opportune' warning, is dependent upon significant discussion (Gafni & Pavel, 2019). For instance, for a situation where a weakness would be trying to find an adventure by an outsider, this may not require a security group to be fixed. It includes a basic system of high utility to clients, a delay in the notice until a fix is accessible might be morally robust. Early exposure would possibly welcome an attack that would somehow, or another is not approaching, making a greater danger to other people. Even though there are some full straightforwardness and divulgence useful rules to take into account, it remains that every cybersecurity situation includes various realities. Also, it spots different products and interests in question, and there is no single precise strategy, decision, or guidance that we can use to ensure fittingly straightforward cybersecurity safety (Gafni & Pavel, 2019). It, therefore, implies regularly that, what is required for each situation is a careful moral reflection on the specific situation and the particular dangers, advantages, tradeoffs, and partner intrigues included, trailed by an ethical judgment on what is right, given the particular realities and choices.

E. CYBERSECURITY ROLES, DUTIES AND INTERESTS Issues to do with cybersecurity are comprehensive and involve various interests and activities. Some of these activities do not work well with each other. In a scenario where the events do not collaborate, it tends to be hazy to whom we owe the best ethical practice. It also complicates our moral obligations to the same. The assortment of cybersecurity practices may likewise create perplexity on the ethical principles of the cybersecurity network (Gafni & Pavel, 2019). Careful moral reflection is essential to figure out such disarrays and land at legitimate choices, specific cases. There has been a continuing discussion on ethical models of cybersecurity network. The debate has enhanced the unique subgroups of individuals belonging to various hacking groups. The initial starting point of hacking on singular PC specialists and casual aggregates calls for the need to grow robust network models inside the rising cybersecurity calling particularly muddled (Gafni & Pavel, 2019). Numerous cybersecurity experts have involved different and contending jobs in the advancement of their security range of abilities and information base. They may feel to be of clashing interests of the society, government, organization officials, customers, and intrigue entities in the security network. The market misuses superbly exemplify the nature of the ethical scene of cybersecurity, where money related motivations are given both for making and uncovering possibly destructive cyber tools. Delineations of strains among various activities and initiatives in the cybersecurity network are simple to drop by (Gafni & Pavel, 2019). An analyst may want to distribute a once-obscure strategy for undermining a well-known encryption key administration framework, for improving the network's information base and prodding investigation into countermeasures. However, a similar specialist may likewise have customers of their cybersecurity counseling firm who would be set at more serious hazards by such a revelation (Gafni & Pavel, 2019). Or then again think about a Chief Information Security Officer (CISO) who wishes to enlist for their 'Red Team' of infiltration analyzers a splendid youthful programmer. The associated aptitudes are unmatched; however, whose polished skill and moral qualities are still immature. The CISO would like to coach this individual entirely into the way of life of 'white-cap' cybersecurity work on, giving more ammo to the 'heroes,' yet knows there is a genuine danger of disappointment—one that could uncover their manager to an inner rupture. The entirety of the issues sketched out above include moral/ethical decisions decided by experts in the industry, decisions that altogether sway the welfare of the business community. All of these moral issues are exceptionally mind-boggling and variable, even though this doesn't imply that they are along these lines abstract (Frantz, 2019). There are numerous reactions to cybersecurity gives that are morally off-base. Others are ethically questionable or miss the mark concerning what we would anticipate from any regarded cybersecurity proficient. Discovering cybersecurity arrangements that are right or legitimate by sensible expert models can be testing and requires careful moral reflection, examination, and critical thinking. This module can show the essential requirement for the aptitudes in this field as well as giving understudies the underlying activities in utilizing them. At long last, the ethical perspective of cybersecurity is in no way, shape, or form restricted to those we have concentrated on. Cybersecurity experts should be mindful of the numerous techniques whose objectives can altogether affect the nature of individuals' lives. They should figure out how to all the more likely envision their latent capacities and advantages with the goal that they can be adequately tended to.

Significances and Consequences of Cybercrime on Small Businesses Cybersecurity issues are increasing as the use of the internet increases. Most organizations today rely on the internet to carry out fundamental business activities. They depend on the internet and information systems to direct business activities. The economic effect of the internet is having an exceeding impact on small businesses and startups. Through the use of the internet, small businesses with constrained finances can market across a wide geographical area hence has a universal effect (Flick, Fisk & Ogoh, 2020). What started as a dark system for specialists and researchers a couple of decades back has developed into an $8 trillion every year web-based business endeavor interfacing more than two billion individuals. The increase in the use of the internet, innovation, and computer development has led to a rise in the emergence of cybercriminals. The cybercriminals take advantage of the reliance on the internet to try to misuse the web to aid their criminal activities. This has led small businesses to be vulnerable in business systems. The global economy suffers over $445 annually, with the majority of victims being small businesses. The robbery of protected innovation surpasses the $160 billion mark in misfortune to people (Flick, Fisk & Ogoh, 2020). Cybercrime is turning into a developing and noteworthy worry for independent ventures. In its 2018 Year-End Economic Report, the National Small Business Association, otherwise called NSBA, found that "half of every single small independent business said that they had been a casualty of a cyberattack. This was a tremendous increase in cyberattacks from the previous year, where only 56% of companies were affected (Flick, Fisk & Ogoh, 2020). Among the individuals who were focused on, 68 percent announced being a cyber victim something other than once. Despite the ascent in cybercrime among private ventures, numerous independent companies stay vulnerable to cyber-attacks because of the absence of assets and shockingly, a lack of information on the danger. The NSBA found that notwithstanding the expanding risks presented by cyberattacks, an amazing one out of four entrepreneurs has next to zero comprehension of the issue at all (Flick, Fisk & Ogoh, 2020). Dr. Jane LeClair, the Chief Operating Officer of the National Cybersecurity Institute, noted in the declaration to the House Committee on Small Business that "Little to medium-sized organizations, otherwise called SMBs are tested both by the capacity and the craving to verify themselves against cyberthreats which makes them extraordinarily defenseless against cyber-attacks. 50% of SMBs have been the casualties of cyber-attack, and more than 60 percent of those attacked leave business. Frequently SMB's don't realize they have been attacked until it is past the point of no return." Like never before, sensitive information, licensed innovation, and individual data of small businesses and startups are focused on an ever-expanding and modern network of cybercriminals. According to a survey done by Symantec, in the last six years, a relentless increment in cyberattacks concentrate on organizations with under 250 workers were analyzed, with 46% of all cyberattacks focused at private ventures in 2018, demonstrating that organizations, both mall and big, are in danger (Flick, Fisk & Ogoh, 2020). An independent company is an inexorably alluring objective for cybercrime. Without anyone else's input, singular independent ventures may not seem to exhibit an excessively alluring goal. Be that as it may, all things considered, independent experiments are a rewarding objective set because of the aggregate financial effect of a private company. As indicated by the Small Business Administration (SBA), independent ventures makeup 99.7 percent of U.S. boss firms. Sixty-three percent of net new private-part occupations; 48.5 percent of private-area business; 42 percent of private-segment finance; and 46 percent of private-segment yield (Flick, Fisk & Ogoh, 2020). Likewise, private venture attacks are expanding because of the present cybercriminals with a simple method to access client Mastercard records and ledgers, provider systems, and worker financial and individual information (Flick, Fisk & Ogoh, 2020). Small organizations will, in general, have more fragile online security. They're additionally accomplishing more business than any time in recent memory online through cloud benefits that maybe don't utilize substantial encryption innovation. SMB's have asset requirements and regularly overlook cybersecurity for everyday tasks or other monetary needs. However, SMB's stay an entryway to access customers, colleagues, givers, and temporary workers employed by SMBs. . . a secondary passage into numerous huge associations. From the perspective of a hacker, that converts into the opportunity of delicate information behind an entryway with a simple lock to pick. Private ventures are especially defenseless against email attacks intently copying those of banks or other confided in establishments and referring to an earnest need to login to a record or give some other fundamental data since various representatives could approach essential data. Further, business accounts abhor a similar degree of insurances and assurances against misfortune and burglary as those given to customers—a reality that some entrepreneurs don't find until it's past the point of no return (Flick, Fisk & Ogoh, 2020). Shoppers are secured by Regulation E, which significantly constrains their obligation in a cyber- heist. Business accounts, nonetheless, are guaranteed by the Uniform Commercial Code (UCC). The UCC doesn't hold banks subject for unapproved installments since "the security strategy is an industrially sensible technique for giving security . . ." Few private ventures that had been casualties of robbery by cybercriminals recovered their lost assets in part of in full. The expense that cybercrime impacts on small businesses are overwhelming. The numbers of small and big firms affected by cybersecurity have exponentially increased in recent years. Today, enterprises suffer up to $20,752 per attack. In 2013, businesses were estimated to suffer $6,927 per attack. The tremendous increase in cost is due to the expanded advancement in cyberattacks plans as the current economy discovers more noteworthy supports accessible in numerous little firms’ financial balances that were there a few years back. Businesses must be informed of the dangers that cyberattack exposes to companies. The effects of cyberattacks are extreme that they may lead to losses or even closure of the business. It is high time organizations made arrangements to meet the expanding cyber threats.

Why Small Businesses and New Venture Startups are Primary Targets to Cybercrime?

Small companies are well-known focuses for cyberattacks because cyber lawbreakers (here and there effectively) expect that your guards aren't as stable as more exceptional organizations (Erturk, 2019). A few programmers may like to concentrate on more significant organizations on account of the proportion of exertion and hazard to their definitive prize. However, others are progressively focusing on small organizations. Right off the bat, littler organizations are regularly the entryways to more enormous prizes. As a significant aspect of a store network, numerous independent companies have proficient associations with more prominent associations. Also, primarily by the idea of the association, they might be the course to a system of delicate information, for example, for contracting administration firms, bookkeeping activities, established firms, conveyancers, and others (Erturk, 2019). These associations are caretakers of sensitive information, extending from client data through to private passwords, frameworks access, and essential money related information — precisely what cyber crooks exploit. They frequently endeavor to hack into littler associations' frameworks to access greater, higher income-producing organizations as well. Home Depot's 2017 information rupture is a celebrated case of this cyber crooks took the retailer's system certifications through an outsider seller and utilized them to hold onto the credit and charge card data of 56 million Home Depot clients. Furthermore, with undertakings, even though there are more passages and is more cash to take, and maybe surprisingly better information to strip, there will likewise be expanded cybersecurity to keep their frameworks tight. Endeavors, for the most part, will have the assets to put resources into cybersecurity, including the correct devices, individuals and forms, and the ability to prepare forefront staff adequately. Relatively, littler organizations and new companies will, in general, concentrate proportionately additional time and exertion on getting a business ready for action, creating riches and thoughts, and getting a brand out there (Etschmaier, 2019). You might not have a lot of involvement in business cybersecurity, other than infection protection, and you likely don't have a lot of assets to commit to the reason. We as whole know entrepreneurs and startup authors need to wear numerous caps and being a cybersecurity boss most likely isn't one them. While the significant ruptures stand out as truly newsworthy, just beneath the surface, there is a steady and expanding level of cybercrime that is focusing on littler associations (Etschmaier, 2019). In the physical world, large organizations have the assets to utilize security watches, complex checking frameworks, and cutting-edge passage gadgets. Independent companies are focused because they frequently don't have measures so that hoodlums can dodge recognition. The equivalent is valid for the virtual world as well. Tragically for an independent venture, the outcomes of the bargain can be extreme since they are less ready to adapt to the expense and harm. Notwithstanding the tremendous number of attacks vectors a huge enterprise offers, many cyber criminals additionally don't have what it takes, or even the persistence, to attempt to get through the safeguards (Etschmaier, 2019). Independent companies are defenseless because they frequently don't have a lot of spending plans for security gauges and don't wholly value the size of the hazard they face. Numerous independent ventures likewise disregard the estimation of the data they store, trusting it to be of little enthusiasm to anybody. Be that as it may, littler organizations can be essential focuses for pernicious programmers. Any amicably recognizable data on clients like email addresses, telephone numbers, or installment card subtleties, is vital to programmers who can utilize it to submit extortion or sell it on the dark web (Etschmaier, 2019). Some independent ventures don't understand they might be focused on because they are a section point to the system of a more prominent organization they work with. It's additionally critical to consider who is coming all through the workspace.

The Role of Ethical Research Frameworks in Cybersecurity Practice Management

We noted that cybersecurity experts, notwithstanding their unique expert commitments to people in general, likewise have the equivalent moral obligations to their kindred individuals that we as a whole offer (Domingo-Ferrer & Blanco-Justicia, 2019). What may those commitments be, and by what method should they be assessed close by our expert commitments? There are various well-known ideas that we, as of now, use to discuss how, when all is said in done, we should treat others. Among them are the opinions of rights, equity, and the benefit of all. Be that as it may, how would we characterize the substantial importance of these significant goals? Here are three typical structures for understanding our general moral obligations to other people:

I. VIRTUE ETHICS Uprightness ways to deal with morals are found in the antiquated Greek and Roman customs, in Confucian, Buddhist, and Christian good ways of thinking, and current everyday masterminds like Hume and Nietzsche. Prudence morals center not around rules for fortunate or unfortunate activities, but on the characteristics of ethically incredible people (e.g., excellencies). Such hypotheses are said to be character- based, to the extent that they mention to us what an individual of temperate character resembles, and how that ethical character creates (CRIMP, 2019). Such speculations additionally center on the propensities for the activity of idealistic people. For example, the tendency for control (finding the 'brilliant signify' between limits), just as the goodness of reasonability or viable knowledge (the capacity to perceive what is ethically required even in new or surprising circumstances to which regular sound principles don't have any significant bearing). By what method can temperance morals help us to comprehend what our ethical commitments are? It can do as such in three different ways (CRIMP, 2019). The first is by assisting with seeing that we have an essential ethical commitment to make a predictable and cognizant exertion. it will help to build up our noble character to improve things; as the logician Confucius stated, the genuine moral fizzling isn't having flaws, 'yet rather neglecting to correct them.' The second thing righteousness theory can let us know is the place to search for benchmarks of direct to follow. Righteousness hypotheses guide us to search for them in our social orders, in those unique people who are praiseworthy people with characteristics of character (excellencies) to which we ought to strive for (CRIMP, 2019). The third thing that ideals morals do is direct us toward the long-lasting development of functional astuteness or great good judgment. The capacity to recognize which of our commitments are most significant in a given circumstance and which activities are well on the way to prevail with regards to pushing us to meet those commitments (CRIMP, 2019). Temperate people with this capacity thrive in their own lives by acting legitimately with others and add to the benefit of everyone by giving an ethical guide to other people to appreciate and follow.

II. UTILITARIAN ETHICS The utilitarian theory of ethics attempts to determine right from wrong based on the outcomes. It is commonly related to consequentialism. The theory holds that the most ethical choice is that which produces the highest good for all. It focuses on benefiting the most considerable number and goodness for many. It is based on this theory that military wars can be justified. Also, the utilitarian ethical theory is the typical approach that analysts use to moral reasoning. It is also used in businesses because it has an excellent account of benefits and costs. The major limitation of the theory is the fact that we cannot predict future inaccuracy. No one knows with certainty what tomorrow holds. In the same way, no one knows indeed whether the consequences of our actions today will have good or bad in the future. Also, the theory has a significant limitation in accounting for values like individual rights and justice. Utilitarianism, in its attempt to assess the consequences of one’s action, relies on the theory of intrinsic value. According to this theory, benefits are believed to get their worth from inherent good as a means to an end. The approach makes it possible to compare the intrinsic values yielded from two alternative actions. A moralist can sum up the units of pleasure and units of pain for the affected persons both now and in the future. This approach could balance a measure of the general evil, or the high tendency of a person’s doing. However, the theory faced significant criticism. For instance, analysts argue that it is not always guaranteed that an occasional lie, such as stealing from a wealthy person, would not have functional consequences. The theory readily believes that the widespread practice of a person’s acts must result in a loss of trustworthiness. Also, another objection comes from the belief that the value of life is just more than a balance of pain and pleasure. On the contrary, there are differences in the quality of preferences that make some intrinsically more consequential to others. Lastly, the elimination of suffering must take precedence over any actions that increase the happiness of those that are already happy. However, modern utilitarian has modified the theory to limit the moral obligation to prevent suffering.

III. DEONTOLOGICAL ETHICS This theory is a contrast theory to a practical one. The deontological theories judge the morality of choices by differentiating the state of affairs that the options bring about. According to this theory, some preferences cannot be justified by their effects. In other words, no matter how ethically sound, the consequences may be, some choices are forbidden. It, therefore, implies that we cannot make confident wrongful choices even if these kinds of wrong decisions may be minimized. The minimization of these choices gets prevented from engaging in these false choices. For this theory, the decision of whether a choice is right or not is how it conforms with a moral norm. The norms are expected to be respected by every honest person. However, the criterion keepings may not be maximized by each person or agent. Therefore, the right comes before good. An action may not be undertaken if it is not in accord with the right, even though how good it may look. Actons might be right, even though their actions do not have maximum functional consequences. These actions are permitted in the weak sense that there is no obligation and also in the firm belief that a person is allowed to o them even though they have fewer good consequences but productive. These actions include those that one is obligated to do as well as that one is not forced to do. More importantly, the deontological theory is both victim-centered and agent-centered. Each agent’s ethical concern asks for clarification as to why an agency is or is not involved in various situations. Our agency is defined by our intended means and intended ends. The intentions determine what we should achieve through our actions. If, as humans, we want to make something terrible at the end of a course or use adverse reactions to reach a selfish beneficent end, then we set ourselves as evil. The theory is guided by three forces: belief, risk, and cause. In case we predict that an act may result in crime, this is a belief or a cognitive state. We must believe that we take extreme risks to some extent for the result to achieve what we intend to bring about by our actions. We can risk or cause such effects without meaning to. As per this rule, human lives are definitive wellsprings of all virtue. I consequently have a general ethical commitment to treat other human beings in manners that recognize and regard their unequivocal worth and to not treat them only as devices to control for lesser purposes (Cleveland & Spangler, 2018). What's more, since I am human, I can't ethically permit even my reality to be utilized as an unimportant device for some lesser reason (for instance, to intentionally sell out my honesty for cash, notoriety, or endorsement). This standard features my obligation to regard the nobility of every human life consistently. This hypothesis is likewise connected with a specific thought of equity, like treatment that perceives the fundamental balance and vital poise of each individual, no matter what their identity is or where they live. Such reasoning is regularly viewed as at the core of the cutting-edge principle of natural human rights.

Recommended Best Practices for Promoting Cybersecurity Ethics and Risk Management

No single, definite code of cybersecurity morals can be fitted to all specific circumstances and experts. Associations and callings ought to consequently be urged to create clear inward strategies, methodology, rules, and best practices for cybersecurity morals that are explicitly adjusted to their exercises and difficulties. In any case, those particular codes of training can be all around formed by thinking about these 12 general standards and rules for ethical cybersecurity practice: I. Keep cybersecurity ethics a priority and make it a mandatory in business practices: As prior models have appeared; morals are an inescapable part of cybersecurity practice. On matters of data innovation and social intensity security, ethical issues are consistently attached to the point when we endeavor to keep that innovation and its working secure. In any event, when our work is profoundly specialized and not legitimately customer confronting, ethical concerns are part of the daily functions of businesses. Be that as it may, the consistency established in many organizations particularly concerning lawful issues can energize a dangerous propensity to 'sideline' morals as an outside limitation as opposed to considering it as the basis of what is acceptable on what we do. There is a difference between ethics and legal aspects and don't fill in for each other (Kotulski & Respício, 2018). It is normal to have a situation where what is unlawful can be dishonest, and that which is moral may be unlawful. In case that a business succumbs 'consistency' mentality on matters ethics, we are expected to view our ethical commitments as a case to 'confirm' and afterward disregard, when we feel we have done the 'base' supposed to 'conform to' them. Shockingly, this regularly leads to unsatisfactory results, for people and associations the same. Since cybersecurity is training for which moral contemplations are omnipresent and inborn, not irregular and outside, both personal and organizational endeavors must endeavor to keep the morals of business and individual actions in check. II. Think about the interests and personal objectives of the people running the system: Especially in specialized settings, it's anything but difficult to dismiss what a large portion of the frameworks we work with are: in particular, methods for improving human lives and ensuring social interests (Bustard, 2018). Most of the aspects that fall under the subject cybersecurity, they are concerned about the most critical human issues; their mental prosperity; and their social associations, different preferences. A better than the average human could never deal with someone else's body, cash, or state of mind without due consideration, yet it tends to be anything but difficult to overlook this is regularly what we are doing when we are accused of verifying cyber systems. III. Think about the side, downstream, and diverse upstream effects of cybersecurity practice: As noted above, frequently, we center too barely on whether we have conformed to ethical issues, and we forget that cybersecurity issues are not merely about playing our roles persistently. Along these lines, it is fundamental to consider what happens to the sensitive gadget, programming, equipment framework, or information considerably after it leaves our hands. Regardless of whether, for instance, I have done extensive security testing and examining an item before its discharge, there are, in every case new dangers, new vulnerabilities that can arise, and new users of the item that may make new security challenges (Goethals & Howard, 2018). I ought to, in every case in this manner, have a perspective on the security hazards downstream from my training and keep up viable lines of correspondence with those people in a situation to keep the framework or item secure at those stages. Communication with those 'upstream' and horizontal to my security practice is moreover basic. If the explanation that I battle with keeping a framework secure is that reduced plan and setup decisions upstream are limiting my options, or because somebody in another division is ceaselessly disregarding or abrogating the security rehearses I've found, at that point, I should be arranged to address that. On the off chance that I am not focusing on the downstream, upstream, and sidelong dangers, at that point, I have not entirely valued the moral stakes of my present security practice. IV. Do whatever it takes not to Discount Non-Technical Actors, Interests, Expectations, and Exposures: Most cybersecurity specialists are significantly skilled in unequivocal locales of a particular practice and accustomed to speaking with others with equivalent degrees of specific authority (Bilodeau, Lari and Uhrb, 2019). Even their enemies are much of the time software engineers with for all intents and purposes indistinguishable particular scopes of capacities and interests. This can incite a dangerously segregated attitude concerning pondering the importance and risks to which non-particular performers are revealed (and which cybersecurity specialists are habitually constrained by a feeling of respect to guarantee.) For example, cybersecurity specialists understand that no structure is 100% secure from interference or assault. Presenting antivirus writing computer programs is just one (unassuming and obliged) mechanical assembly for diminishing security peril, not a charm security genie that makes any additional security practices silly. Nevertheless, a typical, ignorant customer may well work with extended wants and absurd feelings about cybersecurity. Similarly, cybersecurity capable is presumably not going to fall for an unsophisticated phishing attempt or to use a natural to-figure mystery expression, or of course, to install a USB streak accumulating device got from a sporadic untouchable into their composed PC. Regardless, various others will, and it will, in general, be luring to grasp an ethically hard temper toward people whose introduction to security perils results from a particular deficiency or naïveté. This temper is essential to contradict, for two reasons. To begin with, because it prompts botched opportunities to complete fundamental risk contravention and mitigation techniques, growing the, as a rule, threat to the framework/affiliation and outcasts. Second, because being sincere isn't, believe it or not, something that makes an individual any all the more justifying wickedness or, or any less, justifying security. Keeping up fitting empathy for non-specific characters and their tendencies will, in the long run, make you prevalent cybersecurity capable, not just to the extent your moral integrity, yet what's more to the degree being logically reasonable in cybersecurity work. V. Develop Sustainable Business and Human Chains of Ethical Responsibility and Accountability: In various leveled settings, the 'issue of various hands' is a steady test to skilled practice and obligation. To avoid the spread of commitment wherein no one out of a gathering may feel connected with or focused on making the steps critical to ensure practical and moral cybersecurity practice, the obligation is set up and made express to everyone drew in with the work. This must be executed at the most dependable potential periods of an assignment. It should be clear who is responsible for all aspects of security peril the officials and evasion of devilishness (Berry and Berry, 2018). It should, moreover, be clear who is finally answerable for ensuring an ethically executed security adventure or practice. Who will be required to offer responses, explanations, and fixes if there is a mistake of ethics or essential break allowed by the participation? The fundamental limit of chains of commitment and duty is to ensure that individuals assume unequivocal liability for work and its ethical criticalness. VI. Practice Cybersecurity Disaster Planning and Crisis Response: Most people don't have to predict dissatisfaction, calamity, or crisis; they have to focus on the productive capacity of an endeavor or structure. While this is sensible, the hazards of this attitude are striking and have regularly caused disillusionment, fiasco, or crisis that could, without a doubt, have been kept up a vital right way from (Bada and Nurse, 2019). This attitude also as often as possible, thwarts a fruitful crisis response since there are no creation game plans for the immediate result possible. This is the explanation building fields whose policies can influence open prosperity have since quite a while back had a culture of engaging considering dissatisfaction. Perceiving how a thing or system will function in non-immaculate conditions, at the breaking points of anticipated use, or even outside those cutoff points, is essential to working in appropriate edges of security and working up a plan for unwelcome circumstances. Mulling over dissatisfaction improves the designers' work, not all the more horrendous. Cybersecurity experts must propel the proportional social affinity in their work. Known vulnerabilities and past scenes/breaks should be intentionally separated and inspected ('post-mortems'), and results foreseen into what's to come. 'Pre-mortems' (imagining together how at present secure system could be cracked, with the objective that we can envision to hinder that outcome) can be an unfathomable cybersecurity practice. It's in like manner essential to make crisis plans that go past redirecting shortcoming or, on the other hand, denying insidiousness (usually the first blunder of a PR bunch after a break or security blemish is revealed). Crisis plans should be quick, responsive to open data, and a considerable part of all prepared to reduce or fix harm being done effectively. This is much more straightforward to plan before a crisis has everything considered happened. VII. Advance Values of Transparency, Autonomy, and Trustworthiness: The most critical thing to ensure a sound association between cybersecurity experts and the open is to appreciate the hugeness of straightforwardness, independence, and constancy in that relationship. Covering a genuine security danger to others behind legal, particular, or PR language, subverting customers' undertakings to propel their security, and deluding open trust are never extraordinary frameworks as time goes on. Explicit and legitimate security validations, game plans, and proposition, when positive and healthy, help to propel the estimations of straightforwardness, independence, and unwavering quality. Notification of security imperfections, fixes, and breaks should be shaped by these comparable characteristics, to the most extraordinary degree impeccable with the estimation of security itself (Babazadeh, 2018). Right now or covering a vulnerability or break notice together to spare oneself, or one's gathering, from a specialist or open hatred, isn't typically an ethical choice. It undermines straightforwardness, and, by doing so, keeps impacted accomplices from making their own informed, freely guided choices to manage their risk. It moreover manhandles general society accept that their security is significantly regarded. Regardless, if an inopportune admonition would reveal others to over the top peril, a deferral may as often as possible be legitimized employing mindful speculation from the real factors. This tolerates that reasoning is itself trustworthy, and not an instance of 'pushed thinking' (thinking something virtually because it benefits me to do all things considered, or because I vehemently wish it were veritable). VIII. Consider Disparate Interests, Resources, and Impacts: It is necessary to grasp the noteworthy peril in cybersecurity practices of conveying or enhancing various impacts; that is, of improving a couple of individuals off and others increasingly horrendous off, whether or not this is similar to their social idea of fiscal success, political power, prosperity, value, or other critical items. Not every single remarkable impact is freakish or wrong. For example, while a contraption that usages strong start to finish encryption may make it more straightforward for gangsters to keep up a vital right way from government assessment of their correspondences, it may similarly divergence influence dictator governments' ability to follow and murder their political limitation. Here, the ethical adjustment of the various impacts is complicated (as found for 2016's circumstance of Apple v. the FBI.) But imagine another device that offers cutting edge security instruments and features just to those acquiring the most expensive model, moreover, out of date/weak security remembers for each other model. Will the disparate impact of this choice be safeguarded, to the degree that it may reveal millions who are not at the most noteworthy purpose of the money related ladder to real hardships of property, security, and reputation, while only guaranteeing the starting at now secure and uncommon? Or then again, consider a visual affirmation security challenge that is closed off to the outwardly impeded. Shouldn't something be said about a facial affirmation security lock that doesn't fittingly work with darker skin tones? This is the explanation there must be a suspicion in the cybersecurity practice of good danger from extraordinary impacts; they should be imagined, viably assessed for, and carefully broke down for their ethical pleasantness. In the same way, we ought to investigate how much different masses impacted by our preparation have different premiums, getting ready, and resources that give them a differential ability to benefit by our thing or assignment. IX. Welcome Diverse Stakeholder Input: One methodology to avoid 'careless similarity' in moral peril examination and design is to invite commitments from different accomplices outside of the gathering and affiliation. Accomplice input not directly must reflect comparative perspectives one starting at now has inside the association or social occasion. Various cybersecurity pros have abnormally raised degrees of enlightening achievement and money related status. In various specific fields, there may be an inclined depiction of the people similar to sexual direction, ethnicity, age, and multiple characteristics. Moreover, the nature of the work may pull in people who have common interests and personalities - for example, universal decent confidence about the capacity of science and development, and generally less trust in other social instruments. These components can prompt definitive monocultures, which intensify the dangers of absent consistency, defenseless sides, the insularity of interests, and sparse arrangement (Bilodeau, Lari, and Uhrb, 2019). For example, immense quantities of the endorsed strategies above can't be finished adequately if people from a gathering fight to imagine how a cybersecurity practice would be seen by, or how it might impact, people not in any manner such as themselves. Viably seeing the hindrances of a gathering's perspective is crucial. Developing continuously unique cybersecurity affiliations and collections are one obvious way to deal with lightening those obstacles. In any case, mentioning outside commitment from and even more specialist body of those inclined to be influenced by our training is another. X. Structure for Privacy and Security: This may have all the earmarks of being a prominent one, yet its centrality can't be overemphasized. 'Structure' here strategies not only specific arrangement (of frameworks, databases, devices, stages, locales, gadgets, or applications), yet likewise social and progressive arrangement (of get-togethers, approaches, techniques, inspirations, resource assignments, and strategies) that advance insurance and security goals. How this is best done in each extraordinary circumstance will vary, anyway curiously, close by other endeavor targets and the estimations of assurance likewise. Also, security remains at the forefront of errand design, orchestrating, execution, and oversight, and are once in a while treated as minor, external, or 'at some point later' concerns. XI. Make Ethical Reflection and Practice Standard, Pervasive, Iterative, and Rewarding: Moral reflection and practice, as we have recently expressed, is a key and central bit of capable significance in cybersecurity. Nonetheless, it is as yet during the time spent being organized into the calling. Created by making moral reflection and practice standard and inevitable, that is, recognized as an indispensable, dependable, and central piece of every cybersecurity setting, must continue being assisted through unique appraisals taken by individual specialists and affiliations the equivalent (Bilodeau, Lari and Uhrb, 2019). Moral reflection and practice in cybersecurity ought to, in like manner, to be incredible, be started in iterative ways. That is because the nature and level of risks to cybersecurity are continually creating, we should view cybersecurity ethics as a working and perpetual learning cycle. We must continuously watch the ethical consequences of our security practice, gain from our slips up, gather more information, acquire further functional and concentrated capacity, and a while later invigorate and improve our security practice in like way. Most of all, ethical practice in cybersecurity conditions must be made satisfying. Gathering, adventure, and institutional/association sparks must be particularly agreed with the well-recommended techniques portrayed above. Those practices are fortified; hence that cybersecurity specialists are empowered and given the central resources to complete them. XII. Model and Advocate for Ethical Cybersecurity Practice: As we found about moderation ethics, one way to deal with being guided well inconvenient proper settings is to find and concentrate on sublime models of that preparation. Over the long haul, ending up being extraordinary oneself not merely allows you to oversee others, it in like manner licenses you to cooperate with other mind-blowing individuals and specialists, to improve the standards by which we as entire life (Bilodeau, Lari, and Uhrb, 2019). Confident cybersecurity specialists can benefit by searching for, perceiving, and making a robust instructing relationship with sensational models of cybersecurity practice—models who not merely have specific significance, yet who are moreover models of ethically dominating cybersecurity organization. A different extent of models to pick up from is perfect, as even masters have their inadequacies and outwardly hindered spots. Regardless, the people who make sensible information in cybersecurity practice by picking up from as well as can be expected along these lines become fantastic mentors to others, raising the global enormity and respectability of the field. Commonly, they can, in like manner, work to advocate for even more indeed and ethically predominant cybersecurity benchmarks, standards, and practices in the area expanding current principles for everyone, additionally ensuring that cybersecurity specialists secure the assurance of the information society for us all.

Directions and Guidelines for Future Research

The reason for this subjectively differential and key contextual investigation was to investigate techniques utilized by entrepreneurs and small business owners to settle on informed choices for cyber- security speculations to shield businesses from cyber-attacks. The main suggestion for additional examination is to play out a quantitative report planned for building up a hearty security program. A quantitative report could give little entrepreneurs knowledge into the potential expense of cyber-security approach choices as it identifies with the possible effect on their business. Moreover, the examination could evaluate the advantages of cyber-security approaches. Our second suggestion for additional exploration is to direct a quantitative report that surveys the particular hazard for each taking a new business versus the security controls set up. An extra quantitative examination could start to address the potential constraint that entrepreneurs may unintentionally give lacking information because of their constrained information on cyber-security. This examination can build up a benchmark set of required controls instead of what is set up. Moreover, a quantitative investigation of this nature would deliver results that could either legitimize the absence of restrictions set up or the requirement for additional. Our ultimate suggestion for additional exploration is to play out a more significant subjective study to arrive at an impressively bigger populace. The personal investigation could have a comparable structure, yet rather than in-person meets, the analyst could use an online review. An online overview could contact a more extensive crowd and give specialists understanding into new, compelling procedures. Likewise, the secrecy of an online survey may deliver a more profound expansiveness of answers.

Concluding Comments and Suggestions

The reason for this subjective different contextual investigation was to investigate the challenges that cybersecurity poses to small businesses and startups, as well as the best ethical practices. The paper has established that the concept of cybersecurity is a modern global concept that affects every industry. The availability of a large pool of data on the cloud makes firms vulnerable to cyber-attacks. The paper further established the different types of cyber threats that affect startups and small businesses. The issue has affected businesses for more than 50 years, and there has not been a specific solution to it due to the complexity of the practice. Cybersecurity does not only affect and lead to the closure of small companies, but it has also affected big corporations globally. However, small businesses and startups have been significant victims because of the lack of finances and knowhow to protect their businesses from malware and other cyber threats. The practices of these small businesses expose them to the dangers of being hacked. More fundamentally, the paper linked cybersecurity and ethics. The article also outlined how inadequate cybersecurity is terrible for these businesses, to the extent of causing the closure of millions of small ventures. According to existing literature and the findings of this paper, cybersecurity is mostly an ethical practice. It has almost everything to do with how we behave and our take on moral issues. For this sole reason, the best way to reduce the effects of cybersecurity on small businesses is mainly by reflecting on our ethical principles. If we reflect on our actions and ensure that every individual does what is right, thereby holding responsible each person for their response, the issue of cybersecurity will be addressed.

References

Alotaibi, F., Furnell, S., Stengel, I., & Papadaki, M. (2016). A review of using gaming technology for cyber- security awareness. Int. J. Inf. Secure. Res. (IJISR), 6(2), 660-666.

Babazadeh, N. (2018). Legal Ethics and Cybersecurity. Journal of Law & Cyber Warfare, 7(1), 85-116.

Bada, M., & Nurse, J. R. (2019). Developing cybersecurity education and awareness programmers for small- and medium-sized enterprises (SMEs). Information & Computer Security.

Bar, N. Cyber Security Questions Every Business Should Be Asking. ed

Berry, C. T., & Berry, R. L. (2018). An initial assessment of small business risk management approaches for cyber security threats. International Journal of Business Continuity and Risk Management, 8(1), 1-10.

Bilodeau, H., Lari, M., & Uhrb, M. (2019). Cyber security and cybercrime challenges of Canadian businesses, 2017. Juristat: Canadian Centre for Justice Statistics, 1-18.

Black, L., Scala, N. M., Goethals, P. L., & Howard, J. (2018). Values and trends in cybersecurity. In Proceedings of the Institute of Industrial and Systems Engineering Conference (pp. 1820-1825). Orlando, FL: Institute of Industrial and Systems Engineers.

Bustard, J. D. (2018). Improving Student Engagement in the Study of Professional Ethics: Concepts and an Example in Cyber Security. Science and engineering ethics, 24(2), 683-698.

Cabaj, K., Domingos, D., Kotulski, Z., & Respício, A. (2018). Cybersecurity education: Evolution of the discipline and analysis of master programs. Computers & Security, 75, 4-35.

Cleveland, M., & Spangler, T. (2018). Toward a Model for Ethical Cybersecurity Leadership. International Journal of Smart Education and Urban Society (IJSEUS), 9(4), 29-36.

CMAs, N. E. W. (2019). PUT CYBERSECURITY FIRST.

CRIMP, A. (2019). Facts and Figures.

Domingo-Ferrer, J., & Blanco-Justicia, A. (2019). Ethical Value-Centric Cybersecurity: A Methodology Based on a Value Graph. Science and Engineering Ethics, 1-19.

Etschmaier, M. (2019, September). A Purposeful Systems Design Approach for Cybersecurity. In Proceedings of 32nd International Conference on (Vol. 63, pp. 90-100).

Erturk, E. (2019). Cloud Computing and Cybersecurity Issues Facing Local Enterprises. In Cloud Security: Concepts, Methodologies, Tools, and Applications (pp. 947-969). IGI Global.

Flick, C., Fisk, M., & Ogoh, G. (2020). Engaging Small and Medium-Sized Enterprises in Responsible Innovation. In Responsible Innovation (pp. 71-83). Springer, Dordrecht.

Frantz, B. M. (2019). CISTAR Cybersecurity Scorecard (Doctoral dissertation, Purdue University Graduate School).

Gafni, R., & Pavel, T. (2019). The invisible hole of information on SMB's cybersecurity. Online Journal of Applied Knowledge Management (OJAKM), 7(1), 14-26.

Harris, M. A. (2019). Using Bloom's and Webb's Taxonomies to Integrate Emerging Cybersecurity Topics into a Computer Curriculum. Journal of Information Systems Education, 26(3), 4.

Hai-Jew, S. (2019). The Electronic Hive Mind and Cybersecurity: Mass-Scale Human Cognitive Limits to Explain the “Weakest Link” in Cybersecurity. In Global Cyber Security Labor Shortage and International Business Risk (pp. 206-262). IGI Global.

Iavich, M., Gnatyuk, S., & Fesenko, G. I. A. (2019). Cyber security European standards in business. Scientific and practical cyber security journal.

Imsand, E., Tucker, B., Paxton, J., & Graves, S. (2019, June). A Survey of Cyber Security Practices in Small Businesses. In National Cyber Summit (pp. 44-50). Springer, Cham.

Jarocki, S., & Kettani, H. (2019, May). Examining the Efficacy of Commercial Cyber Security Certifications for Information Security Analysts. In 2019 4th International Conference on Information Systems Engineering (ICISE) (pp. 1-5). IEEE.

Kesan, J. P., & Hayes, C. M. (2019). Cybersecurity and Privacy Law in a Nutshell. West Academic Publishing.

Krahl, K. E. (2019). Cybersecurity and Small to Medium Business (Doctoral dissertation, Utica College).

Leaning, M., & Averweg, U. R. (2019). Developing the Social, Political, Economic, and Criminological Awareness of Cybersecurity Experts: A Proposal and Discussion of Non-Technical Topics for Inclusion in Cybersecurity Education. In Global Cyber Security Labor Shortage and International Business Risk (pp. 77-93). IGI Global.

Losavio, M., Hinton, J., Fritz, K., Lauf, A., Hieb, J., Im, G., ... & Gainous, J. (2019, March). STEM for Public Safety in Cyber: Training for Local Law Enforcement and Cyber Security. In 2019 IEEE Integrated STEM Education Conference (ISEC) (pp. 215-221). IEEE.

Medlin, B. D., & Hartley, R. D. (2018). Ethical Hacking: Cybersecurity Education for the 21stCentury. Business students' personal branding: An empirical investigation, 1, 30.

Mraković, I., & Vojinović, R. (2019). Maritime Cyber Security Analysis–How to Reduce Threats? Transactions on maritime science, 8(01), 132-139.

Morrow, P. J. (2018). The New Age of Cybersecurity Privacy, Criminal Procedure and Cyber Corporate Ethics. Journal of Cybersecurity Research (JCR), 3(1), 19-28.

Müsse, J., Rosenzweig, J. D., Ahmad, K., Jabeen, N. I., & Winther, S. H. (2019). Ethics of Personal Data in IoT.

Nicholson, S. (2019). How ethical hacking can protect organizations from a greater threat. Computer Fraud & Security, 2019(5), 15-19.

Rawass, J. (2019). Cybersecurity Strategies to Protect Information Systems in Small FinancialInstitutions (Doctoral dissertation, Walden University).

Reidy, K. M. (2019). Cyber Crime: An Existential Threat to Small Business.

Resnik, D. B., & Finn, P. R. (2018). Ethics and phishing experiments. Science and engineering ethics, 24(4), 1241-1252.

Rigopoulos, K. (2019). Announcing the Launch of the NIST Small Business Cybersecurity Corner Website.

Phillips, R., & Tanner, B. (2019). Breaking down silos between business continuity and cybersecurity. Journal of business continuity & emergency planning, 12(3), 224-232.

Sarder, M. D., & Haschak, M. (2019). Cyber security and its implication on material handling and logistics. College-Industry Council on Material Handling Education, 1-18.

Stockdale, J., & Markham, A. (2019). U.S. Patent No. 10,268,821. Washington, DC: U.S. Patent and Trademark Office.

Sukumar, A. P., Xu, Z., Satyanarayana, K., & Tomlins, R. (2019, November). An exploration of cyber-security risk management in small businesses: The case UK Micro and Small firms. In ISBE Conference 2019: SPACE: Exploring new frontiers and entrepreneurial places.

Varney, A. (2019). Analysis of the Impact of Artificial Intelligence to Cybersecurity and Protected Digital Ecosystems (Doctoral dissertation, Utica College).

Vaidya, R. (2019). Cyber Security Breaches Survey 2019.

Vitunskaite, M., He, Y., Brandstetter, T., & Janicke, H. (2019). Smart cities and cyber security: Are we there yet? A comparative study on the role of standards, third party risk management and security ownership. Computers & Security, 83, 313-331.

Watson, E., Churches, G., Bennett Moses, L., & Zalnieriute, M. (2019). Australia’s 2020 Cyber Security Strategy Submission to the Department of Home Affairs. UNSW Law Research Paper, (19-87).

Waltermire, K., & Perper, H. (2019). [Project Description] Improving Cybersecurity of Managed Service Providers (Supporting Small-and Medium-Sized Businesses) (Draft) (pp. 15 15). National Institute of Standards and Technology.

Woldemichael, H. T. (2019). Emerging Cyber Security Threats in Organization. International Journal of Scientific Research in Network Security and Communication, 7(6), 7-10.

Yeboah-Boateng, E. O. (2018). Cyber-Security Concerns with Cloud Computing: Business Value Creation and Performance Perspectives. In Cyber Security and Threats: Concepts, Methodologies, Tools, and Applications (pp. 995-1026). IGI Global