An exploratory study of organizational cyber resilience, its precursors and outcomes. Issue 2 (3rd April 2022)
- Record Type:
- Journal Article
- Title:
- An exploratory study of organizational cyber resilience, its precursors and outcomes. Issue 2 (3rd April 2022)
- Main Title:
- An exploratory study of organizational cyber resilience, its precursors and outcomes
- Authors:
- Tsen, Elinor
Ko, Ryan K L
Slapnicar, Sergeja - Abstract:
- ABSTRACT: Evidence shows that it is paramount for stakeholders to understand the cybersecurity of relevant organizations. However, the secrecy surrounding cyber attacks and how organizations manage their cyber resilience make it impossible for stakeholders to develop this understanding. This paper analyzes organizational cyber resilience, its contextual factors and its impact on the outcomes of cyber attacks based on publicly available data. Using the PRISMA methodology, we collated and analyzed a dataset of 1, 145 publicly known cyber attacks. We conceptualize and operationalize cyber resilience from a governance perspective. Our findings indicate that organizations that suffered cyber attacks had the following cyber resilience characteristics: a relatively low level of cyber resilience reflected in the low frequency of cybersecurity roles, low reliance on cybersecurity frameworks, and relatively low strength of prevention, detection, and recovery controls. Cyber resilience is found to be associated with the sector, size, and digital intensity. Linear regression indicates that, expectedly, stronger prevention, detection, and recovery processes are related to lower breach severity and occurrence of investigations or penalties, but contrary to expectations, cybersecurity roles and frameworks are not. Furthermore, better organizational responses are associated with higher breach severity but they are not found to have an impact on the level of investigations, fines, andABSTRACT: Evidence shows that it is paramount for stakeholders to understand the cybersecurity of relevant organizations. However, the secrecy surrounding cyber attacks and how organizations manage their cyber resilience make it impossible for stakeholders to develop this understanding. This paper analyzes organizational cyber resilience, its contextual factors and its impact on the outcomes of cyber attacks based on publicly available data. Using the PRISMA methodology, we collated and analyzed a dataset of 1, 145 publicly known cyber attacks. We conceptualize and operationalize cyber resilience from a governance perspective. Our findings indicate that organizations that suffered cyber attacks had the following cyber resilience characteristics: a relatively low level of cyber resilience reflected in the low frequency of cybersecurity roles, low reliance on cybersecurity frameworks, and relatively low strength of prevention, detection, and recovery controls. Cyber resilience is found to be associated with the sector, size, and digital intensity. Linear regression indicates that, expectedly, stronger prevention, detection, and recovery processes are related to lower breach severity and occurrence of investigations or penalties, but contrary to expectations, cybersecurity roles and frameworks are not. Furthermore, better organizational responses are associated with higher breach severity but they are not found to have an impact on the level of investigations, fines, and penalties imposed. We discuss our findings and their implications for cyber resilience regulation, future research, and sector cooperation. … (more)
- Is Part Of:
- Journal of organizational computing and electronic commerce. Volume 32:Issue 2(2022)
- Journal:
- Journal of organizational computing and electronic commerce
- Issue:
- Volume 32:Issue 2(2022)
- Issue Display:
- Volume 32, Issue 2 (2022)
- Year:
- 2022
- Volume:
- 32
- Issue:
- 2
- Issue Sort Value:
- 2022-0032-0002-0000
- Page Start:
- 153
- Page End:
- 174
- Publication Date:
- 2022-04-03
- Subjects:
- cyber resilience -- cybersecurity -- data breach -- ransomware attack -- measurement development
Management -- Data processing -- Periodicals
Electronic commerce -- Periodicals
Electronic data interchange -- Periodicals
Business enterprises -- Computer networks -- Periodicals
658.0505 - Journal URLs:
- http://www.informaworld.com/smpp/title~db=all~content=t775653688~tab=issueslist ↗
http://www.tandfonline.com/ ↗
http://firstsearch.oclc.org ↗ - DOI:
- 10.1080/10919392.2022.2068906 ↗
- Languages:
- English
- ISSNs:
- 1091-9392
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 5027.090000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 22123.xml