Conceal or Communicate? Organizational Notifications to Stakeholders Following Ransomware Attacks
Files
Date
2024-01-03
Contributor
Advisor
Department
Instructor
Depositor
Speaker
Researcher
Consultant
Interviewer
Narrator
Transcriber
Annotator
Journal Title
Journal ISSN
Volume Title
Publisher
Volume
Number/Issue
Starting Page
4206
Ending Page
Alternative Title
Abstract
Ransomware attacks have become an unrelenting frustration for organizations of all sizes, industries, and locations. Although past research has examined how ransomware attacks can be more effectively prevented, little attention has been paid to understanding how organizations communicate with stakeholders. In contrast to some cyber incidents that remain hidden for months, ransomware attacks render systems inoperable immediately, which often requires a unique stakeholder response strategy. Drawing on principles from stakeholder theory and crisis response strategies, we examine the organizational communications following 101 ransomware attacks. Our results indicate that stakeholder notifications tend to be either customer-focused or investor-focused, but are rarely both. We also find that most notifications contain at least a basic level of detail, but that about one in ten communications are insufficiently informative. This work extends the field’s understanding of cybersecurity incident notifications within the unique context of ransomware attacks and reveals practical insights for cybersecurity managers.
Description
Keywords
Cybercrime, crisis response, cybersecurity, incident notification, ransomware, stakeholder theory
Citation
Extent
10 pages
Format
Geographic Location
Time Period
Related To
Proceedings of the 57th Hawaii International Conference on System Sciences
Related To (URI)
Table of Contents
Rights
Attribution-NonCommercial-NoDerivatives 4.0 International
Rights Holder
Local Contexts
Collections
Email libraryada-l@lists.hawaii.edu if you need this content in ADA-compliant format.