Management; Computer networks--Security measures; Computer Security; Cyberterrorism; Information Technology
The purpose of this study was to explore whether an organization's perception of cyberattacks drives its cyber risk stance or whether its perception is driven by the financial significance of the cyberbreaches the firm (or one in its industry) has incurred to date. An observational study of a cross-section of 25 non-financial, non-utility Fortune 500 companies was conducted, investigating perceptions about cyberattacks and cybersecurity practices between 2013 and 2018. Each organization's cyber incident history and SEC risk reports were coded and compared to management's perception, decision stance and adoption practices, obtained from interviews with company employees participating in cyber risk decisioning and related analysis. The results were compared to a programmatic review of the cybersecurity posture of the Fortune 500 companies. Results indicate that management behaviors and actions within companies are out of alignment when it comes to addressing cybersecurity risks. Management perception, stance and adoption are all increasing, but are all significantly different. Attention is decreasing, but companies that have experienced a significant cyber event demonstrate greater alignment in management behaviors than those that have not. Furthermore, a comparison of cyberbreaches in 2013 to 2018 reveals that existing cyber risk behaviors, such as qualitative cybersecurity decisioning practices, have not been successful in preventing cyberattacks. Cyber events may be on the rise because of misalignment resulting from insufficient attention, and qualitative cyber risk assessments alone are insufficient supporting evidence to drive optimal cybersecurity investment decisions.
Details
Title
Does increased attention result in increased action against cyberattacks?