You cannot spell risk without "I-S": The disclosure of information systems risks by Fortune 1000 firms.

IF 3 3区 医学 Q1 MATHEMATICS, INTERDISCIPLINARY APPLICATIONS Risk Analysis Pub Date : 2024-09-07 DOI:10.1111/risa.17644
Jonathan Whitaker, Shital Thekdi
{"title":"You cannot spell risk without \"I-S\": The disclosure of information systems risks by Fortune 1000 firms.","authors":"Jonathan Whitaker, Shital Thekdi","doi":"10.1111/risa.17644","DOIUrl":null,"url":null,"abstract":"<p><p>Cybersecurity events can cause business disruptions, health and safety repercussions, financial costs, and negative publicity for large firms, and executives rank cybersecurity as a top operational concern. Although cybersecurity may be the most publicized information systems (IS) risk, large firms face a range of IS risks. Over the past three decades, researchers developed frameworks to categorize and evaluate IS risks. However, there have been few updates to these frameworks despite numerous technological advances, and we are not aware of any research that uses empirical data to map actual IS risks cited by large firms to these frameworks. To address this gap, we coded and analyzed text data from Item 1A (Risk Factors) of the fiscal year 2020 Securities and Exchange Commission Forms 10-K for all Fortune 1000 firms. We build on prior research to develop a framework that places 25 IS risks into four quadrants and 10 categories, and we record the number and type of IS risks cited by each firm. The risk of cyberattack is cited by virtually all Fortune 1000 firms, and the risk of software/hardware failure is cited by 90% of Fortune 1000 firms. Risks associated with data privacy law compliance are cited by 70% of Fortune 1000 firms, and risks associated with internet/telecommunications/power outage, human error, and natural disasters/terrorism are cited by 60% of Fortune 1000 firms. We perform additional analysis to identify differences in risk citation based on industry and financial measures.</p>","PeriodicalId":21472,"journal":{"name":"Risk Analysis","volume":" ","pages":""},"PeriodicalIF":3.0000,"publicationDate":"2024-09-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Risk Analysis","FirstCategoryId":"3","ListUrlMain":"https://doi.org/10.1111/risa.17644","RegionNum":3,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"MATHEMATICS, INTERDISCIPLINARY APPLICATIONS","Score":null,"Total":0}
引用次数: 0

Abstract

Cybersecurity events can cause business disruptions, health and safety repercussions, financial costs, and negative publicity for large firms, and executives rank cybersecurity as a top operational concern. Although cybersecurity may be the most publicized information systems (IS) risk, large firms face a range of IS risks. Over the past three decades, researchers developed frameworks to categorize and evaluate IS risks. However, there have been few updates to these frameworks despite numerous technological advances, and we are not aware of any research that uses empirical data to map actual IS risks cited by large firms to these frameworks. To address this gap, we coded and analyzed text data from Item 1A (Risk Factors) of the fiscal year 2020 Securities and Exchange Commission Forms 10-K for all Fortune 1000 firms. We build on prior research to develop a framework that places 25 IS risks into four quadrants and 10 categories, and we record the number and type of IS risks cited by each firm. The risk of cyberattack is cited by virtually all Fortune 1000 firms, and the risk of software/hardware failure is cited by 90% of Fortune 1000 firms. Risks associated with data privacy law compliance are cited by 70% of Fortune 1000 firms, and risks associated with internet/telecommunications/power outage, human error, and natural disasters/terrorism are cited by 60% of Fortune 1000 firms. We perform additional analysis to identify differences in risk citation based on industry and financial measures.

查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
没有 "I-S "就拼不出风险:财富》1000 强企业对信息系统风险的披露。
网络安全事件会导致业务中断、健康和安全方面的影响、财务成本以及对大型企业的负面宣传。尽管网络安全可能是最广为人知的信息系统(IS)风险,但大型企业面临着一系列的 IS 风险。过去三十年来,研究人员开发了信息系统风险分类和评估框架。然而,尽管技术在不断进步,这些框架却鲜有更新,而且我们也没有发现有任何研究利用经验数据将大型企业列举的实际 IS 风险与这些框架相对应。为了填补这一空白,我们对美国证券交易委员会 2020 财年 10-K 表中第 1A 项(风险因素)的文本数据进行了编码和分析,涉及所有财富 1000 强企业。我们在先前研究的基础上建立了一个框架,将 25 种 IS 风险分为四个象限和 10 个类别,并记录了每家公司列举的 IS 风险的数量和类型。几乎所有《财富》1000 强企业都提到了网络攻击风险,90% 的《财富》1000 强企业提到了软件/硬件故障风险。70% 的《财富》1000 强企业提到了与遵守数据隐私法相关的风险,60% 的《财富》1000 强企业提到了与互联网/电信/停电、人为失误和自然灾害/恐怖主义相关的风险。我们还进行了其他分析,以确定基于行业和财务衡量标准的风险引用差异。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
Risk Analysis
Risk Analysis 数学-数学跨学科应用
CiteScore
7.50
自引率
10.50%
发文量
183
审稿时长
4.2 months
期刊介绍: Published on behalf of the Society for Risk Analysis, Risk Analysis is ranked among the top 10 journals in the ISI Journal Citation Reports under the social sciences, mathematical methods category, and provides a focal point for new developments in the field of risk analysis. This international peer-reviewed journal is committed to publishing critical empirical research and commentaries dealing with risk issues. The topics covered include: • Human health and safety risks • Microbial risks • Engineering • Mathematical modeling • Risk characterization • Risk communication • Risk management and decision-making • Risk perception, acceptability, and ethics • Laws and regulatory policy • Ecological risks.
期刊最新文献
A review of optimization and decision models of prescribed burning for wildfire management. An information-theoretic analysis of security behavior intentions amongst United States poll workers. JointLIME: An interpretation method for machine learning survival models with endogenous time-varying covariates in credit scoring. Portrayal of risk information and its impact on audiences' risk perception during the Covid-19 pandemic: A multi-method approach. A quantitative analysis of biosafety and biosecurity using attack trees in low-to-moderate risk scenarios: Evidence from iGEM.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1