A taxonomy of cyber-harms: Defining the impacts of cyber-attacks and understanding how they propagate. Issue 1 (16th October 2018)
- Record Type:
- Journal Article
- Title:
- A taxonomy of cyber-harms: Defining the impacts of cyber-attacks and understanding how they propagate. Issue 1 (16th October 2018)
- Main Title:
- A taxonomy of cyber-harms: Defining the impacts of cyber-attacks and understanding how they propagate
- Authors:
- Agrafiotis, Ioannis
Nurse, Jason R C
Goldsmith, Michael
Creese, Sadie
Upton, David
- Abstract:
- Technological advances have resulted in organizations digitalizing many parts of their operations. The threat landscape of cyberattacks is rapidly changing and the potential impact of such attacks is uncertain, because there is a lack of effective metrics, tools and frameworks to understand and assess the harm organizations face from cyber-attacks. In this article, we reflect on the literature on harm, and how it has been conceptualized in disciplines such as criminology and economics, and investigate how other notions such as risk and impact relate to harm. Based on an extensive literature survey and on reviewing news articles and databases reporting cyber-incidents, cybercrimes, hacks and other attacks, we identify various types of harm and create a taxonomy of cyber-harms encountered by organizations. This taxonomy comprises five broad themes: physical or digital harm; economic harm; psychological harm; reputational harm; and social and societal harm. In each of these themes, we present several cyber-harms that can result from cyber-attacks. To provide initial indications about how these different types of harm are connected and how cyber-harm in general may propagate, this article also analyses and draws insight from four real-world case studies, involving Sony (2011 and 2014), JPMorgan and Ashley Madison. We conclude by arguing for the need for analytical tools for organizational cyber-harm, which can be based on a taxonomy such as the one we propose here. These would allow organizations to identify corporate assets, link these to different types of cyber-harm, measure those harms and, finally, consider the security controls needed for the treatment of harm.
- Is Part Of:
- Journal of cybersecurity. Volume 4:Issue 1(2018)
- Journal:
- Journal of cybersecurity
- Issue:
- Volume 4:Issue 1(2018)
- Issue Display:
- Volume 4, Issue 1 (2018)
- Year:
- 2018
- Volume:
- 4
- Issue:
- 1
- Issue Sort Value:
- 2018-0004-0001-0000
- Page Start:
- Page End:
- Publication Date:
- 2018-10-16
- Subjects:
- cybersecurity -- risk -- cyber-attack impacts -- harm -- organisational security -- information systems
Computer security -- Periodicals
Computer networks -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://cybersecurity.oxfordjournals.org/
http://www.oxfordjournals.org/
- DOI:
- 10.1093/cybsec/tyy006
- Languages:
- English
- ISSNs:
- 2057-2093
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 12360.xml