Environmental Factors that Hinder an Organization’s Ability to Learn from Cyber Incidents: A Case Study on SolarWinds

Abstract

This research focuses on identifying the environmental factors that impact an organization's ability, or lack thereof, to learn from cyber incidents: an organized and structural approach to address cybersecurity breaches with the aim of mitigating harm by minimizing the associated costs and the time required for recovery. The results of our research, based on an in-depth analysis of the data collected from interviews with 12 cybersecurity professionals on how their organization handled the massive SolarWinds attack, show that the practice of incident response often involves short-term and tactical steps as opposed to strategic initiatives, such as reframing of cyber policies, risk assessment processes, and proactive investment, which are more long-term in nature. We present the challenges that inhibit organizations’ capacity to strategically learn from cyber incidents related to internal environment, as well as micro- and macro-environment and provide a discussion on how organizations could overcome these challenges.