Search results

This study aims to examine the research output on cyber insurance from 2002 to 2021 through an extensive bibliometric analysis. It examines the cyber insurance resources and how the process of cyber insurance works.

This paper uses Scopus and VOSviewer to analyze cyber insurance papers. Using 503 papers from Scopus, this paper enhances the understanding of cyber insurance through collaborative network maps of experts and researchers.

The study comprehensively evaluates the development of cyber research. The results show that the number of research articles on cyber insurance has significantly increased since 2009.

The study's results offer practical implications for researchers to gain knowledge on the latest trends and developments in the domain. In addition, the study highlights the significance of cyber insurance in mitigating financial risks linked to cyberattacks, potentially boosting the investment of more organizations in such policies. Furthermore, practitioners can enhance their understanding of the various types of cyber insurance policies and their coverage.

Our results are likely to encourage practitioners, computer scientists, auditors, accountants and lawyers to contribute further to corporate strategies, data analytics and business operations to mitigate cyber risk consequences. In addition, understanding regarding the cyber insurance concept formed between experts and researchers is limited. This paper fills this gap by evaluating and identifying the development of cyber insurance literature.

Nonexperts do not always follow the advice in cybersecurity warning messages. To increase compliance, it is recommended that warning messages use nontechnical language, describe how the cyberattack will affect the user personally and do so in a way that aligns with how the user thinks about cyberattacks. Implementing those recommendations requires an understanding of how nonexperts think about cyberattack consequences. Unfortunately, research has yet to reveal nonexperts’ thinking about cyberattack consequences. Toward that end, the purpose of this study was to examine how nonexperts think about cyberattack consequences.

Nonexperts sorted cyberattack consequences based on perceived similarity and labeled each group based on the reason those grouped consequences were perceived to be similar. Participants’ labels were analyzed to understand the general themes and the specific features that are present in nonexperts’ thinking.

The results suggested participants mainly thought about cyberattack consequences in terms of what the attacker is doing and what will be affected. Further, the results suggested participants thought about certain aspects of the consequences in concrete terms and other aspects of the consequences in general terms.

This research illuminates how nonexperts think about cyberattack consequences. This paper also reveals what aspects of nonexperts’ thinking are more or less concrete and identifies specific terminology that can be used to describe aspects that fall into each case. Such information allows one to align warning messages to nonexperts’ thinking in more nuanced ways than would otherwise be possible.

Cyber resilience has emerged as an approach for seaports to deal with cyberattacks; it emphasizes ports’ ability to prepare for an attack and to keep operating and recover quickly. However, little research has been undertaken on the challenges of governing cyber risks in seaports. This study aims to address this gap.

Governing cyber resilience is shaped by distributed responsibilities, uncertainties and ambiguities. The authors use this conceptualization to explore the governance of cyber risks in seaports, taking the Port of Rotterdam as a case study and analyzing semistructured interviews with stakeholders, participatory observation and policy documents and legislation.

The authors found that many strategies for governing cyber risks remain dedicated to protecting computer systems against cyberattacks. Nevertheless, port stakeholders have also developed strategies in anticipation of disruptions. However, these strategies appear informal and uncoordinated due to a lack of information exchange, insufficient knowledge regarding cyber risks and disagreement about how to make the Port of Rotterdam cyber resilient. What mainly hampers the cyber resilience of the port is the lack of a comprehensive regulatory framework and economic incentives. The authors conclude that resilience is merely an ideal at the Port of Rotterdam, meaning related governance strategies remain incremental and await institutionalization.

This paper offers insights into the cyber resilience of critical socio-technical systems, which have been underexposed in cyber resilience debates, but, when exploited, can manifest in large-scale disruptions.

The banking industry has always been vulnerable to cyberattacks. In recent years, Pakistan’s banking sector experienced the most intense cyberattack in its over 70-year history. Due to these attacks, a large number of debit card accounts of major banks were negotiated. This study aims to examine the impact of cyberattack awareness and customers’ commitment levels after these cyberattacks.

The study integrated the commitment–trust theory framework for the relationship of trust and commitment to the usage of online banking services. The partial least square structural equation modeling is being used to explore the relationship between customer’s trust, which is an outcome of continuous usage, and customer perception of affirmative cybersecurity measures the bank.

The findings revealed that customer trust in online banking is positively associated with customer commitment, but customers’ cyberattack awareness negatively impacts customer trust and commitment to online banking.

The study highlights the importance of proactive communication, transparency and robust incident response that helps organizations establish themselves as trustworthy entities while prioritizing customer information and transaction protection.

The authors report on how cyberattacks on the banking sector influence the trust and commitment of the customers in the sector. The variable of cyberattack awareness used in this study is novel in online banking literature.

This paper aims to outline how destructive communication exemplified by ransomware cyberattacks destroys the process of organization, causes a “state of exception,” and thus constitutes organization. The authors build on Agamben's state of exception and translate it into communicative constitution of organization (CCO) theory.

A significant increase of cyberattacks have impacted organizations in recent times and laid organizations under siege. This conceptual research builds on illustrative cases chosen by positive deviance case selection (PDCS) of ransomware attacks.

CCO theory focuses mainly on ordering characteristics of communication. The authors aim to complement this view with a perspective on destructive communication that destroys the process of organization. Based on illustrative cases, the authors conceptualize a process model of destructive CCO.

The authors expand thoughts about a digital “corporate immune system” to question current offensive cybersecurity strategies of deterrence and promote resilience approaches instead.

Informed by destructive communication of cyberattacks, this theory advancement supports arguments to include notions of disorder into CCO theory. Furthermore, the paper explains where disruptions like cyberattacks may trigger sensemaking and change to preserve stability. Finally, a novel definition of ‘destructive CCO’ is provided: Destructive Communication Constitutes Organization by disrupting and destroying its site and surface while triggering sensemaking and becoming part of sensemaking itself.

Although being considered for adoption by stakeholders in container shipping, application of blockchain is hindered by different factors. This paper investigates the potential operational risks of blockchain-integrated container shipping systems as one of such barriers.

Literature review is employed as the method of risk identification. Scientific articles, special institutional reports and publications of blockchain solution providers were included in an inclusive qualitative analysis. A directed acyclic graph (DAG) was constructed and analyzed based on network topological metrics.

Twenty-eight potential risks and 47 connections were identified in three groups of initiative, transitional and sequel. The DAG analysis results reflect a relatively well-connected network of identified hazardous events (HEs), suggesting the pervasiveness of information risks and various multiple-event risk scenarios. The criticality of the connected systems' security and information accuracy are also indicated.

This paper indicates the changes of container shipping operational risk in the process of blockchain integration by using updated data. It creates awareness of the emerging risks, provides their insights and establishes the basis for further research.

In the current scenario, cybersecurity issues have emerged to be a major challenge for firms to deal with. The increased use of technologies has increased radically the volume and typology of information produced, exchanged, and managed by firms thus creating conditions for cybersecurity incidents or information breaches. In this situation, it becomes paramount for firms to recognize cybersecurity risks and be prepared to prevent them through the implementation of approaches and technologies able to ensure a high level of protection.

In this chapter, we provide a framework for analyzing and managing cybersecurity risks. We employed a case study strategy to understand how the risk analysis process is carried out within an Information Security company. The study and observations obtained from this case study have permitted to define a framework useful for SME to deal with cybersecurity issues.

This chapter examines the world of risk management within fintech. It initiates by emphasizing the crucial role of technology and risk assessment in shaping the fintech landscape. It discusses various risk categories prevalent in fintech operations, elucidating the nuances of technology, operational, compliance, strategic, and reputational risks. A comparative analysis across different fintech sub-sectors unveils their distinct risk profiles. The narrative extends to proactive risk management frameworks, contrasting prominent models like the COSO ERM, FAIR Risk Quantification, and NIST Cybersecurity Frameworks. Integral defense measures are scrutinized, encompassing data encryption, access controls, vulnerability assessments, and incident response plans. This chapter underscores the significance of building operational resilience through robust technology infrastructure, regular system updates, disaster recovery planning, and business continuity measures. Ultimately, this chapter culminates in a comprehensive summary, offering pragmatic recommendations to fortify technology risk management in fintech.

The learning outcome of this paper is to identify and interpret the risks linked to cyber-security and their impact on the organization. Analyze business management regarding cyber-security and information technology (IT) risk management. Evaluate and propose decision-making strategies for IT projects.

Silver Bank is a financial entity with broad national coverage. Its growth was directly related to its investments in customer service. The entire organization is focused on satisfying its clients’ needs, improving their experience and making them loyal to the company. However, it did not pay enough attention to a threat that, with time, had become more pronounced: cyber-attacks. Its efforts to fight against this threat were only temporary solutions, as gaps in its IT system made it an easy target for criminals until the arrival of Iván Ramírez, who proposes a holistic solution to decrease the probability and severity of these attacks. However, past experiences, ignorance and budget constraints make it a difficult task to convince the bank’s board of directors to implement the proposed solution.

The case can be used as teaching material in upper-level undergraduate and graduate management courses: –undergraduate courses: information technology management, IT project analysis and management – MBA or graduate courses: information technology management, strategic management and security governance.

Teaching notes are available for educators only.

CSS 11: Strategy.