Thesis

Reducing Cybersecurity Risk Information Asymmetry Phenomenon: A Prescriptive Approach to Improving Cybersecurity Risk Perception

Abstract

Cybersecurity remains a global problem, with several trillion dollars per year in stolen money and time. The decisions to protect organizations from cybersecurity risks lie with senior executives and board members. The continued increase in cybercrime indicates that senior business leaders are not addressing the cybersecurity risks. Struggles with understanding the risks due to information asymmetry combined with an affective response may be a reason for the lack of action on cybersecurity risks. Research indicated that speaking in business terms is required to better communicate to business leaders; however, a prescriptive approach is not present in the literature. Several general recommendations exist, but nothing is immediately actionable. The quantitative research effort attempted to provide a prescriptive approach to communicating cybersecurity risk by measuring risk perception of group one, senior executives and board members (n = 93), and group two, senior cybersecurity leaders (n = 108) when using tactical metrics presentation format and aggregated metrics presentation format. The results showed strong positive correlation between tactical and aggregated metrics presentation formats for both group one (ρ = 0.866, p < .001) and group two (r = 0.869, p < .001). However, there was no change in risk perception using either format in both group one (z = -0.205, p = .837) and group two (t(107) = -0.102, p = .919). The results indicate that the presentation format elicits the same amount of risk perception and that using either format may be appropriate when delivering the cybersecurity message.
Article
We are in the digital era where we cannot imagine our lives without the Internet. Technology has become an integral part of our daily routine, and with the significant rise in technology, we see huge growth in cybercrimes. The use of information is increasing every day with the advent of more social media platforms that utilize millions of data per second globally. These data include sensitive information such as trade secrets, privacy, and security issues. The number of crimes is increasing day by day, and these cyber crimes can impact an individual, an organization, or even a whole nation. The research study aims to spread awareness about cybercrimes by offering a detailed analysis of the awareness, impact, and challenges to anyone vulnerable to cybercrime. The methodology adopted to study and analyze the impact and challenges caused due to cybercrimes is qualitative research. On a concluding note, the study will present suggestions to overcome the challenges and talk about the research’s future scope.
Article
Cybersecurity is a concern for organizations in this era. However, strengthening the security of an organization’s internal network may not be sufficient since modern organizations depend on third parties, and these dependencies may open new attack paths to cybercriminals. Cyber Third-Party Risk Management (C-TPRM) is a relatively new concept in the business world. All vendors or partners possess a potential security vulnerability and threat. Even if an organization has the best cybersecurity practice, its data, customers, and reputation may be at risk because of a third party. Organizations seek effective and efficient methods to assess their partners’ cybersecurity risks. In addition to intrusive methods to assess an organization’s cybersecurity risks, such as penetration testing, non-intrusive methods are emerging to conduct C-TPRM more easily by synthesizing the publicly available information without requiring any involvement of the subject organization. In this study, the existing methods for C-TPRM built by different companies are presented and compared to discover the commonly used indicators and criteria for the assessments. Additionally, the results of different methods assessing the cybersecurity risks of a specific organization were compared to examine reliability and consistency. The results showed that even if there is a similarity among the results, the provided security scores do not entirely converge.
Article
This paper reports on a three-part investigation into people’s perceptions of cybersecurity, based on their lived experiences. We sought thereby to reveal issues located within the Johari grid’s “Blind Spot” quadrant. We utilized research methodologies from both the Arts and Science in order firstly to identify blind spot issues, and secondly to explore their dimensions. Our investigation confirmed a number of aspects that we were indeed aware of, when it came to people’s lived cybersecurity experiences. We also identified one particular blind spot issue: widespread, but not universal, negativity towards cybersecurity. We then carried out an investigation using a recognized methodology from psychology, as a first attempt to assess the nature of this negativity and to get a sense of its roots. What our initial experiment revealed was that scoping cybersecurity-related emotions is nontrivial and will require the formulation of new measurement tools. We conclude by reporting on the challenges, to inform researchers who plan to extend the research reported in this paper.
Article
Cybercrime has proliferated over the last decade and is increasing in velocity and intensity. The need for employers to find highly skilled technologists to fill the many critical roles is reaching unprecedented levels. Men dominate the information technology fields such as cybersecurity and computer science. However, the need to bring more women into the various fields is necessary and would bring tremendous benefit to any organization. Much work needs to be done to generate interest in secondary schools by training teachers in technology so they can develop effective STEM curricula. Post-secondary schools need to focus on teacher development as well as developing information technology curricula that appeal to women. And once in the workplace, organizations need to develop policies and inclusive environments that do not alienate women.
Article
Background: With the ever-expanding interconnectedness of the internet and especially with the recent development of the Internet of Things, people are increasingly at risk for cybersecurity breaches that can have far-reaching consequences for their personal and professional lives, with psychological and mental health ramifications. Objective: We aimed to identify the dimensional structure of emotion processes triggered by one of the most emblematic scenarios of cybersecurity breach, the hacking of one’s smart security camera, and explore which personality characteristics systematically relate to these emotion dimensions. Methods: A total of 902 participants from the United Kingdom and the Netherlands reported their emotion processes triggered by a cybersecurity breach scenario. Moreover, they reported on their Big Five personality traits, as well as on key indicators for resilient, overcontrolling (internalizing problems), and undercontrolling (aggression) personality types. Results: Principal component analyses revealed a clear 3-dimensional structure of emotion processes: emotional intensity, proactive versus fight/flight reactions, and affective versus cognitive/motivational reactions. Regression analyses revealed that more internalizing problems (β=.33, P
Article
While individual perceptions of risk are central to many behavioral theories of hazard response and are of considerable interest in both conceptual and applied work surrounding risk, hazards, and decision making, there is currently no consensus on how perceived risk should best be measured. Several recent efforts have laid the groundwork for a conceptual model outlining four key factors that make up risk perception: exposure, susceptibility, severity, and affective response. In this article, we use an extensive scale-development process to develop empirically supported 3-4 item subscales to measure each of those four dimensions. Using cognitive interviewing techniques and several quantitative psychometric methods including exploratory and confirmatory factor analysis and item-response theory analyses, we reduce a large set of potential items to the highest-quality items to assess each subscale. These subscales can be used to make comparisons across perceived risk in different hazard contexts and populations.
Article
We review the academic literature on “cyber risk” and “cyber insurance” in the fields of business (management, economics, finance, risk management and insurance) and actuarial science. Our results show that cyber risk is an increasingly important research topic in many disciplines, but one that so far has received little attention in business and actuarial science. Business research has documented the manifold detrimental effects of cyber risks using event studies and scenario analyses, while economic research is especially concerned with trade-offs between different risk management activities. Quantitative research including papers published in actuarial journals mainly focuses on loss modelling, especially taking dependencies and network structure into account. We categorize the empirical literature on cyber risk to filter out what we know on the frequency, severity and dependence structure of cyber risk. Finally, we list open research questions which demonstrate that cyber risk research is still in its infancy and that there is ample room for future research.