ABSTRACT
This study examines the relationship between cybersecurity threats faced and cybersecurity response planned by organisations. Classifying cybersecurity threats into four types – physical threats, personnel threats, communication and data threats, and operational threats – this study examines organisational responses to such threats. Using textual data on cybersecurity threats and response gathered from the 10-K reports published by 87 organisations, topic modelling was conducted to assess the threats and response. A cross-sectional time-series regression model fitted on the topic weights showed that cybersecurity response was influenced by cybersecurity threats, beyond the time-invariant control and period variables. Specifically, physical threats and operational threats influenced the technical response; physical threats, communication and data threats, and operational threats influenced the non-technical response; and personnel threats influenced the overall response. Implications for research and practice are discussed.
Disclosure statement
No potential conflict of interest was reported by the authors.
Notes
2. https://cran.r-project.org/web/packages/edgarWebR/edgarWebR.pdf
3. The source code to batch download 10-Ks is available upon request.
4. https://privacyrights.org
5. https://aws.amazon.com/compliance/shared-responsibility-model/