Organisational Cyber Resilience and its Influence on Cyber Attack Outcomes: An Exploratory Study of 1,145 Publicised Attacks

56 Pages Posted: 7 Jan 2021

See all articles by Elinor Tsen

Elinor Tsen

University of Queensland - Business School

Ryan KL Ko

School of Information Technology and Electrical Engineering, Faculty of Engineering, Architecture and Information Technology, University of Queensland

Sergeja Slapničar

Business School, University of Queensland

Date Written: October 8, 2020

Abstract

Secrecy surrounding cyber attacks and confidentiality of organizational cyber resilience has resulted in a relatively modest empirical research of the association between cyber attacks and organizational cyber resilience. In this paper we attempt to overcome the lack of data by studying public data. Based on the literature and publications we formulate a working instrument of measuring organizational cyber resilience characteristics on public data and examine the relationship between these characteristics with organizations’ exposure factors and cyber attack outcomes. We analyze these relationships through our developed dataset of 1,145 cyber attacks. We apply the PRISMA methodology to select the relevant cyber attacks. Our findings reveal that among all exposure factors, the organization’s sector is most consistently associated with the development of cyber resilience characteristics despite the literature’s focus on critical industry. Sector is also relevant to the nature of attack and the impact on data. The attacked organizations in our sample have a relatively low level of cyber resilience reflected in the, surprisingly, low frequency of a dedicated cyber security (CS) organizational role, the use of CS frameworks, the strength of prevention, detection and recovery controls (PDR) and organizations’ responses to their stakeholders after cyber attacks. Cyber resilience characteristics are not implemented consistently by sampled organizations. However, the presence of resilience characteristics do appear to have a positive impact on the frequency of litigation and penalties. In addition, stronger prevention, detection and recovery controls lead to more frequent organizational responses to stakeholders after cyber attacks.

Keywords: Cyber Resilience; Cyber Security; Data Breach; Ransomware Attack; Measurement Development

Suggested Citation

Tsen, Elinor and Ko, Ryan KL and Slapničar, Sergeja, Organisational Cyber Resilience and its Influence on Cyber Attack Outcomes: An Exploratory Study of 1,145 Publicised Attacks (October 8, 2020). Available at SSRN: https://ssrn.com/abstract=3735636 or http://dx.doi.org/10.2139/ssrn.3735636

Elinor Tsen (Contact Author)

University of Queensland - Business School ( email )

Brisbane, Queensland 4072
Australia

Ryan KL Ko

School of Information Technology and Electrical Engineering, Faculty of Engineering, Architecture and Information Technology, University of Queensland ( email )

Queensland, 4072
Australia

Sergeja Slapničar

Business School, University of Queensland ( email )

St Lucia
Brisbane, Queensland 4072
Australia

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
121
Abstract Views
399
rank
282,437
PlumX Metrics