Organisational Cyber Resilience and its Influence on Cyber Attack Outcomes: An Exploratory Study of 1,145 Publicised Attacks
56 Pages Posted: 7 Jan 2021
Date Written: October 8, 2020
Secrecy surrounding cyber attacks and confidentiality of organizational cyber resilience has resulted in a relatively modest empirical research of the association between cyber attacks and organizational cyber resilience. In this paper we attempt to overcome the lack of data by studying public data. Based on the literature and publications we formulate a working instrument of measuring organizational cyber resilience characteristics on public data and examine the relationship between these characteristics with organizations’ exposure factors and cyber attack outcomes. We analyze these relationships through our developed dataset of 1,145 cyber attacks. We apply the PRISMA methodology to select the relevant cyber attacks. Our findings reveal that among all exposure factors, the organization’s sector is most consistently associated with the development of cyber resilience characteristics despite the literature’s focus on critical industry. Sector is also relevant to the nature of attack and the impact on data. The attacked organizations in our sample have a relatively low level of cyber resilience reflected in the, surprisingly, low frequency of a dedicated cyber security (CS) organizational role, the use of CS frameworks, the strength of prevention, detection and recovery controls (PDR) and organizations’ responses to their stakeholders after cyber attacks. Cyber resilience characteristics are not implemented consistently by sampled organizations. However, the presence of resilience characteristics do appear to have a positive impact on the frequency of litigation and penalties. In addition, stronger prevention, detection and recovery controls lead to more frequent organizational responses to stakeholders after cyber attacks.
Keywords: Cyber Resilience; Cyber Security; Data Breach; Ransomware Attack; Measurement Development
Suggested Citation: Suggested Citation