An exploratory study of organizational cyber resilience, its precursors and outcomes

47 Pages Posted: 7 Jan 2021 Last revised: 14 May 2022

See all articles by Elinor Tsen

Elinor Tsen

University of Queensland - Business School

Ryan KL Ko

School of Information Technology and Electrical Engineering, Faculty of Engineering, Architecture and Information Technology, University of Queensland

Sergeja Slapničar

University of Queensland

Date Written: September 17, 2021

Abstract

Evidence shows that it is paramount for stakeholders to understand the cybersecurity of relevant organizations. However, the secrecy surrounding cyber attacks and how organizations manage their cyber resilience make it impossible for stakeholders to develop this understanding. This paper analyses organizational cyber resilience, its contextual factors and its impact on the outcomes of cyber attacks based on publicly available data. Using the PRISMA methodology, we collated and analyzed a dataset of 1,145 publicly-known cyber attacks. We conceptualize and operationalize cyber resilience from a governance perspective. Our findings indicate that organizations that suffered cyber attacks had the following cyber resilience characteristics: a relatively low level of cyber resilience reflected in the low frequency of cybersecurity roles, low reliance on cybersecurity frameworks, and relatively low strength of prevention, detection, and recovery controls. Cyber resilience is found to be associated with the sector, size, and digital intensity. Linear regression indicates that, expectedly, stronger prevention, detection and recovery processes are related to lower breach severity and occurrence of investigations or penalties, but contrary to expectations, cybersecurity roles and frameworks are not. Furthermore, better organizational responses are associated with higher breach severity but they are not found to have an impact on the level of investigations, fines and penalties imposed. We discuss our findings and their implications for cyber resilience regulation, future research and sector cooperation.

Keywords: Cyber Resilience; Cyber Security; Data Breach; Ransomware Attack; Measurement Development

Suggested Citation

Tsen, Elinor and Ko, Ryan KL and Slapničar, Sergeja, An exploratory study of organizational cyber resilience, its precursors and outcomes (September 17, 2021). Available at SSRN: https://ssrn.com/abstract=3735636 or http://dx.doi.org/10.2139/ssrn.3735636

Elinor Tsen (Contact Author)

University of Queensland - Business School ( email )

Brisbane, Queensland 4072
Australia

Ryan KL Ko

School of Information Technology and Electrical Engineering, Faculty of Engineering, Architecture and Information Technology, University of Queensland ( email )

Queensland, 4072
Australia

Sergeja Slapničar

University of Queensland ( email )

St Lucia
Brisbane, Queensland 4072
Australia

Do you have negative results from your research you’d like to share?

Paper statistics

Downloads
392
Abstract Views
1,079
Rank
173,593
PlumX Metrics