Strategic Outsourcing in the Digital Age: Cyber Risk Management and Operational Performance in Malaysian BPOs

Authors

  • Ferdio Ghifary Fidhien Master of Management Program, School of Economics and Business, Telkom University, Indonesia
  • Dodie Tricahyono Master of Management Program, School of Economics and Business, Telkom University, Indonesia
  • Edi Witjara Master of Management Program, School of Economics and Business, Telkom University, Indonesia

DOI:

https://doi.org/10.54099/aijb.v5i1.1386

Keywords:

Business Process Outsourcing (BPO), Outsourcing Strategy, Data Security, Fraud Risk, Cyber Threat, Operational Performance, Good Governance

Abstract

Business Process Outsourcing (BPO) companies have become vital players in Malaysia's post-pandemic digital economy, providing critical non-core services such as technology infrastructure management, customer support, and business process administration. However, the rapid growth of BPOs has also brought increased risks related to data security, fraud, and cyber threats, raising concerns about operational performance and good corporate governance. This study investigates the combined influence of outsourcing strategy, data security, fraud risk management, and cyber threats on the operational performance of Malaysian BPO firms listed on Bursa Malaysia during the 2021–2024 period and examines the implications for good governance. A quantitative explanatory approach was employed, utilizing SEM-PLS for hypothesis testing. The findings reveal that effective outsourcing strategies, robust data security frameworks, proactive fraud risk management, and mitigation of cyber threats significantly enhance operational performance. Furthermore, improved operational performance contributes positively to the implementation of good corporate governance principles. This research provides both theoretical and practical contributions: it enriches the literature on BPO governance and operational risk in the digital era and offers strategic insights for companies and regulators aiming to enhance accountability, transparency, and resilience in outsourcing operations. The study contributes to both governance literature and practical frameworks by integrating fraud deterrence, cybersecurity, and operational performance in the BPO sector.

References

Aguilera, R. V., & Cuervo-Cazurra, A. (2009). Codes of good governance. Corporate Governance: An International Review, 17(3), 376-387.

Anderson, R. (2003). Security Engineering. Wiley.

Anwar, U.A.A., Rahayu, A., Wibowo, L.A. et al. Supply chain integration as the implementation of strategic management in improving business performance. Discov Sustain 6, 101 (2025). https://doi.org/10.1007/s43621-025-00867-w

Arifin, A. L. ., & Koerniawan, K. A. . (2025). Gender-diverse boards, liquidity, and financial distress: Pathways to fraud deterrence in auditor judgments. Edelweiss Applied Science and Technology, 9(5), 2549–2564. https://doi.org/10.55214/25768484.v9i5.7517

Azizah, W. ., Sudarmaji, E. ., & Khairany, N. . (2024). Good corporate governance at the unit level: Insights from a State-Owned Bank Branch. Edelweiss Applied Science and Technology, 8(6), 2544–2559. https://doi.org/10.55214/25768484.v8i6.2506

Bandyopadhyay, T., Jacob, V. & Raghunathan, S. Information security in networked supply chains: impact of network vulnerability and supply chain integration on incentives to invest. Inf Technol Manag 11, 7–23 (2010). https://doi.org/10.1007/s10799-010-0066-1

Barney, J. (1991). Firm resources and sustained competitive advantage. Journal of Management, 17(1), 99-120.

Blakley, B., McDermott, E., & Geer, D. (2001). Information security is information risk management. Proceedings of the 2001 Workshop on New Security Paradigms.

Christiansson, M.-T. and Rentzhog, O. (2020), "Lessons from the “BPO journey” in a public housing company: toward a strategy for BPO", Business Process Management Journal, Vol. 26 No. 2, pp. 373-404. https://doi.org/10.1108/BPMJ-04-2017-0091

Cressey, D. R. (1953). Other People's Money: A Study in the Social Psychology of Embezzlement.

Dorminey, J., Fleming, A. S., Kranacher, M. J., & Riley, R. A. (2012). The evolution of fraud theory. Issues in Accounting Education, 27(2), 555-579.

Freeman, R. E. (1984). Strategic Management: A Stakeholder Approach.

Ghosh, R., Gupta, A., Chattopadhyay, S., Banerjee, A. & Dasgupta, K. (2016). CoCOA: A Framework for Comparing Aggregate Client Operations in BPO Services. 2016 IEEE International Conference on Services Computing (SCC), San Francisco, CA, USA, 539-546. doi: 10.1109/SCC.2016.76.

Hailu, T. and Chebo, A.K. (2024), "Mapping business process outsourcing and innovation towards a future research", Business Process Management Journal, Vol. 30 No. 1, pp. 158-182. https://doi.org/10.1108/BPMJ-03-2023-0182

Hayashi, T. (2023). IT Business Process Outsourcing (BPO) Strategy as a New Development Strategy in Emerging Countries: Focusing on the Philippine IT-BPO Industry and Lewis Turning Point Theory. In: Hayashi, T., Hoshino, H., Hori, Y. (eds) Base of the Pyramid and Business Process Outsourcing Strategies. Springer, Singapore. https://doi.org/10.1007/978-981-19-8171-5_7

Hori, Y. (2023). The Growth of the IT-BPO Industry and Women’s Work Choices in the Philippines. In: Hayashi, T., Hoshino, H., Hori, Y. (eds) Base of the Pyramid and Business Process Outsourcing Strategies. Springer, Singapore. https://doi.org/10.1007/978-981-19-8171-5_6

Jayaprabha, D., & Nirmala, K. (2018). Efficiency stress prediction in BPO industries using hybrid k-means and artificial bee colony algorithm. International Journal of Computers and Applications, 42(1), 9–16. https://doi.org/10.1080/1206212X.2017.1396416

Jensen, M. C., & Meckling, W. H. (1976). Theory of the firm. Journal of Financial Economics, 3(4), 305-360.

Jouini, M., Rabai, L. B. A., & Aissa, A. B. (2014). Classification of security threats in information systems. Procedia Computer Science, 32, 489-496.

Kaplan, R. S., & Norton, D. P. (1992). The balanced scorecard: Measures that drive performance. Harvard Business Review, 70(1), 71–79.

Kato, H., & Chihama, Y. (2010). Business operations integration/BPO service for regional financial institutions. NEC Technical Journal, 5(2), 38–44. https://www.scopus.com/inward/record.uri?eid=2-s2.0-77953993150&partnerID=40&md5=2df82d20e52a11f6e585ab8167d44734

McIvor, R. (2009). How the transaction cost and resource-based theories of the firm inform outsourcing evaluation. Journal of Operations Management, 27(1), 45-63.

Mehta, A. M., Hafeez, I., Ali, A., Rahi, S., & Saleem, H. (2020). Examining the influence of BPO risks, vendor team’s performance, and knowledge management capability. Journal of Management Information and Decision Sciences, 23(Special Issue), 397–408. https://www.scopus.com/inward/record.uri?eid=2-s2.0-85099521329&partnerID=40&md5=d46464b33cfff45aa59e8022dfaf38d0

Mishra, R., Ramesh, D. & Edla, D.R. Dynamic large branching hash tree based secure and efficient dynamic auditing protocol for cloud environment. Cluster Comput 24, 1361–1379 (2021). https://doi.org/10.1007/s10586-020-03193-0

OECD. (2004). Principles of Corporate Governance. Organisation for Economic Co-operation and Development.

Peköz, Ü.G. (2025). Knowledge Management and Business Processes in CEE Service Centers. In: Štarchoň, P., Fedushko, S., Gubíniova, K. (eds) Developments in Information and Knowledge Management Systems for Business Applications. Studies in Systems, Decision and Control, vol 578. Springer, Cham. https://doi.org/10.1007/978-3-031-80935-4_16

Piacenza, J. R., Faller, K. J., II, Regez, B., and Gomez, L. (April 30, 2021). Verification of Numerically Controlled Manufacturing Processes, Toward Identifying Cyber-Physical Threats. ASME. J. Manuf. Sci. Eng. September 2021; 143(9): 091014. https://doi.org/10.1115/1.4050547

Piacenza, J, Faller, KJ, II, Regez, B, & Gomez, L. (2020). Investigating Cyber-Physical Threats of Numerically Controlled Manufacturing Processes. Proceedings of the ASME 2020 International Design Engineering Technical Conferences and Computers and Information in Engineering Conference. Volume 6: 25th Design for Manufacturing and the Life Cycle Conference (DFMLC). V006T06A012. ASME. https://doi.org/10.1115/DETC2020-22324

Ponciano, E.S. and Amaral, C.S.T. (2021), What influences the innovation environment in BPO companies? Business Process Management Journal, Vol. 27 No. 1, pp. 106-123. https://doi.org/10.1108/BPMJ-03-2020-0129

Respati, N. P., & Tricahyono, D. (2020). Performance Analysis Using Balanced Scorecard Approach From Growth and Learning Perspective (Case Study at Muhammadiyah Hospital Bandung). e-Proceeding of Management, Vol.7, No.2, 2119-2120.

Salim, D. F. ., Candraningtias, W. ., Koerniawan, K. A. ., & Isynuwardhana, D. . (2025). Gender-inclusive fintech and economic growth: The case of P2P lending in Indonesia. Edelweiss Applied Science and Technology, 9(5), 424–435. https://doi.org/10.55214/25768484.v9i5.6885

Singh, L., Chirputkar, A., & Ashok, P. (2024). Risk Management in the Digital Age: Fintech Security Strategies. 2024 1st International Conference on Sustainable Computing and Integrated Communication in Changing Landscape of AI (ICSCAI), Greater Noida, India, 1-7. https://doi.org/10.1109/ICSCAI61790.2024.10866839

Suresh, S., & Ravichandran, T. (2022). Value Gains in Business Process Outsourcing: The Vendor Perspective. Information Systems Frontiers, 24, 677–690. https://doi.org/10.1007/s10796-021-10111-1

Szortyka, K. (2024). Intelligent automation of financial and accounting processes in business process outsourcing centers in Poland. ZTR, 48(3), 155-175. https://doi.org/10.5604/01.3001.0054.7261.

Whitman, M. E., & Mattord, H. J. (2011). Principles of Information Security.

Wong, D. T. W., & Ngai, E. W. T. (2025). Impact of artificial intelligence (AI) on operational performance: The role of dynamic capabilities. Information & Management, 62(6), 104162. https://doi.org/10.1016/j.im.2025.104162

Wu, Y., Wang, N., Dai, T., & Cheng, D. (2024). Information security outsourcing strategies in the supply chain considering security externality. Journal of the Operational Research Society, 76(3), 482–497. https://doi.org/10.1080/01605682.2024.2368611

Yu, Y. (2023). Implementation and Assurance Model Construction of Financial BPO Cost Control under Cloud Computing Platform. Applied Mathematics and Nonlinear Sciences, 9(1), 2023. https://doi.org/10.2478/amns.2023.2.00134

Zhang, C., Feng, N., Chen, J., et al. (2021). Outsourcing Strategies for Information Security: Correlated Losses and Security Externalities. Information Systems Frontiers, 23, 773–790. https://doi.org/10.1007/s10796-020-10009-4

Zhong, W., Zhao, L., & Dou, Q. (2025). The Implementation Strategy of Cost Control and the Construction of a Guarantee Model of Financial BPO in the Cloud Computing Environment. International Journal of Information System Modeling and Design (IJISMD), 16(1), 1-21. https://doi.org/10.4018/IJISMD.367278

Downloads

Published

2026-02-13

How to Cite

Fidhien, F. G., Tricahyono, D. ., & Witjara, E. (2026). Strategic Outsourcing in the Digital Age: Cyber Risk Management and Operational Performance in Malaysian BPOs. Asean International Journal of Business, 5(1), 91–105. https://doi.org/10.54099/aijb.v5i1.1386

Issue

Vol. 5 No. 1 (2026)

Section

Articles

License

Copyright (c) 2025 Ferdio Ghifary Fidhien, Dodie Tricahyono, Edi Witjara

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.