Please use this identifier to cite or link to this item: http://hdl.handle.net/10125/80165

Show-and-Tell or Hide-and-Seek? Examining Organizational Cybersecurity Incident Notifications

File Size Format  
0667.pdf 367.61 kB Adobe PDF View/Open

Item Summary

Title:Show-and-Tell or Hide-and-Seek? Examining Organizational Cybersecurity Incident Notifications
Authors:Cram, W. Alec
Mouajou-Kenfack, Rissaile
Keywords:Organizational Cybersecurity: Advanced Cyber Defense, Cyber Analytics, and Security Operations
cybersecurity
incident notification
organization
qualitative
Date Issued:04 Jan 2022
Abstract:The growing frequency of cybersecurity incidents commonly requires organizations to notify customers of ongoing events. However, the content contained within these notifications varies widely, including differences in the level of detail, apportioning of blame, compensation, and corrective action. This study seeks to identify patterns contained within cybersecurity incident notifications by constructing a typology of organizational responses. Based on a detailed review of 465 global cybersecurity incidents that occurred during the first half of 2020, we obtained and qualitatively analyzed 187 customer notifications. Our results reveal three distinct organizational response types associated with the level of detail contained within the notification (full transparency, guarded, opacity), as well as three additional response types associated with the benefitting party (customer interest, balanced interest, company interest). This work extends past classifications of cybersecurity incident notifications and provides a template of possible notification approaches that could be adopted by organizations.
Pages/Duration:10 pages
URI:http://hdl.handle.net/10125/80165
ISBN:978-0-9981331-5-7
DOI:10.24251/HICSS.2022.825
Rights:Attribution-NonCommercial-NoDerivatives 4.0 International
https://creativecommons.org/licenses/by-nc-nd/4.0/
Appears in Collections: Organizational Cybersecurity: Advanced Cyber Defense, Cyber Analytics, and Security Operations


Please email libraryada-l@lists.hawaii.edu if you need this content in ADA-compliant format.

This item is licensed under a Creative Commons License Creative Commons