Search results

1 – 1 of 1
Open Access
Article
Publication date: 23 December 2022

W. Alec Cram and Rissaile Mouajou-Kenfack

The growing frequency of cybersecurity incidents commonly requires organizations to notify customers of ongoing events. However, the content contained within these notifications…

Abstract

Purpose

The growing frequency of cybersecurity incidents commonly requires organizations to notify customers of ongoing events. However, the content contained within these notifications varies widely, including differences in the level of detail, apportioning of blame, compensation and corrective action. This study seeks to identify patterns contained within cybersecurity incident notifications by constructing a typology of organizational responses.

Design/methodology/approach

Based on a detailed review of 1,073 global cybersecurity incidents occurring during 2020, the authors obtained and qualitatively analyzed 451 customer notifications.

Findings

The results reveal three distinct organizational response types associated with the level of detail contained within the notification (full transparency, guarded and opacity), as well as three response types associated with the benefitting party (customer interest, balanced interest and company interest).

Originality/value

This work extends past classifications of cybersecurity incident notifications and provides a template of possible notification approaches that could be adopted by organizations.

Details

Organizational Cybersecurity Journal: Practice, Process and People, vol. 3 no. 1
Type: Research Article
ISSN: 2635-0270

Keywords

1 – 1 of 1