{"title":"组织网络弹性及其前兆和结果的探索性研究","authors":"Elinor Tsen, Ryan K. L. Ko, S. Slapničar","doi":"10.1080/10919392.2022.2068906","DOIUrl":null,"url":null,"abstract":"ABSTRACT Evidence shows that it is paramount for stakeholders to understand the cybersecurity of relevant organizations. However, the secrecy surrounding cyber attacks and how organizations manage their cyber resilience make it impossible for stakeholders to develop this understanding. This paper analyzes organizational cyber resilience, its contextual factors and its impact on the outcomes of cyber attacks based on publicly available data. Using the PRISMA methodology, we collated and analyzed a dataset of 1,145 publicly known cyber attacks. We conceptualize and operationalize cyber resilience from a governance perspective. Our findings indicate that organizations that suffered cyber attacks had the following cyber resilience characteristics: a relatively low level of cyber resilience reflected in the low frequency of cybersecurity roles, low reliance on cybersecurity frameworks, and relatively low strength of prevention, detection, and recovery controls. Cyber resilience is found to be associated with the sector, size, and digital intensity. Linear regression indicates that, expectedly, stronger prevention, detection, and recovery processes are related to lower breach severity and occurrence of investigations or penalties, but contrary to expectations, cybersecurity roles and frameworks are not. Furthermore, better organizational responses are associated with higher breach severity but they are not found to have an impact on the level of investigations, fines, and penalties imposed. We discuss our findings and their implications for cyber resilience regulation, future research, and sector cooperation.","PeriodicalId":54777,"journal":{"name":"Journal of Organizational Computing and Electronic Commerce","volume":"32 1","pages":"153 - 174"},"PeriodicalIF":2.0000,"publicationDate":"2021-09-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"An exploratory study of organizational cyber resilience, its precursors and outcomes\",\"authors\":\"Elinor Tsen, Ryan K. L. Ko, S. Slapničar\",\"doi\":\"10.1080/10919392.2022.2068906\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"ABSTRACT Evidence shows that it is paramount for stakeholders to understand the cybersecurity of relevant organizations. However, the secrecy surrounding cyber attacks and how organizations manage their cyber resilience make it impossible for stakeholders to develop this understanding. This paper analyzes organizational cyber resilience, its contextual factors and its impact on the outcomes of cyber attacks based on publicly available data. Using the PRISMA methodology, we collated and analyzed a dataset of 1,145 publicly known cyber attacks. We conceptualize and operationalize cyber resilience from a governance perspective. Our findings indicate that organizations that suffered cyber attacks had the following cyber resilience characteristics: a relatively low level of cyber resilience reflected in the low frequency of cybersecurity roles, low reliance on cybersecurity frameworks, and relatively low strength of prevention, detection, and recovery controls. Cyber resilience is found to be associated with the sector, size, and digital intensity. Linear regression indicates that, expectedly, stronger prevention, detection, and recovery processes are related to lower breach severity and occurrence of investigations or penalties, but contrary to expectations, cybersecurity roles and frameworks are not. Furthermore, better organizational responses are associated with higher breach severity but they are not found to have an impact on the level of investigations, fines, and penalties imposed. We discuss our findings and their implications for cyber resilience regulation, future research, and sector cooperation.\",\"PeriodicalId\":54777,\"journal\":{\"name\":\"Journal of Organizational Computing and Electronic Commerce\",\"volume\":\"32 1\",\"pages\":\"153 - 174\"},\"PeriodicalIF\":2.0000,\"publicationDate\":\"2021-09-17\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Organizational Computing and Electronic Commerce\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.1080/10919392.2022.2068906\",\"RegionNum\":4,\"RegionCategory\":\"管理学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Organizational Computing and Electronic Commerce","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1080/10919392.2022.2068906","RegionNum":4,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
An exploratory study of organizational cyber resilience, its precursors and outcomes
ABSTRACT Evidence shows that it is paramount for stakeholders to understand the cybersecurity of relevant organizations. However, the secrecy surrounding cyber attacks and how organizations manage their cyber resilience make it impossible for stakeholders to develop this understanding. This paper analyzes organizational cyber resilience, its contextual factors and its impact on the outcomes of cyber attacks based on publicly available data. Using the PRISMA methodology, we collated and analyzed a dataset of 1,145 publicly known cyber attacks. We conceptualize and operationalize cyber resilience from a governance perspective. Our findings indicate that organizations that suffered cyber attacks had the following cyber resilience characteristics: a relatively low level of cyber resilience reflected in the low frequency of cybersecurity roles, low reliance on cybersecurity frameworks, and relatively low strength of prevention, detection, and recovery controls. Cyber resilience is found to be associated with the sector, size, and digital intensity. Linear regression indicates that, expectedly, stronger prevention, detection, and recovery processes are related to lower breach severity and occurrence of investigations or penalties, but contrary to expectations, cybersecurity roles and frameworks are not. Furthermore, better organizational responses are associated with higher breach severity but they are not found to have an impact on the level of investigations, fines, and penalties imposed. We discuss our findings and their implications for cyber resilience regulation, future research, and sector cooperation.
期刊介绍:
The aim of the Journal of Organizational Computing and Electronic Commerce (JOCEC) is to publish quality, fresh, and innovative work that will make a difference for future research and practice rather than focusing on well-established research areas.
JOCEC publishes original research that explores the relationships between computer/communication technology and the design, operations, and performance of organizations. This includes implications of the technologies for organizational structure and dynamics, technological advances to keep pace with changes of organizations and their environments, emerging technological possibilities for improving organizational performance, and the many facets of electronic business.
Theoretical, experimental, survey, and design science research are all welcome and might look at:
• E-commerce
• Collaborative commerce
• Interorganizational systems
• Enterprise systems
• Supply chain technologies
• Computer-supported cooperative work
• Computer-aided coordination
• Economics of organizational computing
• Technologies for organizational learning
• Behavioral aspects of organizational computing.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
