References
- Yahoo KM. Execs botched its response to 2014 breach, investigation finds. CSO Online. 2017. [Accessed 2021 Feb 2]. https://www.csoonline.com/article/3176181/yahoo-execs-botched-its-response-to-2014-breach-investigation-finds.html.
- Perlroth N, Tsang A, Satariano A. Marriott hacking exposes data of up to 500 million guests. New York Times. 2018 [Accessed 2021 Feb 2]. https://www.nytimes.com/2018/11/30/business/marriott-data-breach.html.
- McLaughlin M, Gogan J. Challenges and best practices in information security management. MIS Quar Exec. 2018;17:237–62.
- Gerić S, Hutinski Ž. Information system security threats classifications. J Inf Organ Sci. 2017;31:51–61.
- Sen R, Borle S. Estimating the contextual risk of data breach: an empirical approach. J Manag Inf Sys. 2015;32:314–41.
- Somani G, Gaur GS, Sanghi D, Conti M, Buyya R. DDoS attacks in cloud computing: issues, taxonomy, and future. Comp Comm. 2017;107:30–48. doi:https://doi.org/10.1016/j.comcom.2017.03.010.
- Jenab K, Moslehpour S. Cyber security management: a review. Bus Manage Dyn. 2016;5:16–39.
- Yeh Q, Chang AJ. Threats and countermeasures for information system security: a cross-industry study. Inf Manage. 2007;44:480–91.
- Kwon J, Johnson ME. Security practices and regulatory compliance in the healthcare industry. J Am Med Inf Assoc. 2013;20(1):44–51. doi:https://doi.org/10.1136/amiajnl-2012-000906.
- Gordon LA, Loeb MP, Sohail T, Tseng C, Zhou L. Cybersecurity, capital allocations and management control systems. Eur Acc Rev. 2008;17(2):215–41. doi:https://doi.org/10.1080/09638180701819972.
- Cavusoglu H, Mishra B, Raghunathan S. The effect of internet security breach announcements on market value: capital market reactions for breached firms and internet security developers. Int J Elec Comm. 2004;9:69–104.
- Goel S, Shawky HA. Estimating the market impact of security breach announcements on firm values. Inf Manage. 2009;46:404–10.
- Telang R, Wattal S. An empirical analysis of the impact of software vulnerability announcements on firm stock price. IEEE Trans Soft Eng. 2007;33(8):544–57. doi:https://doi.org/10.1109/TSE.2007.70712.
- March JG. Exploration and exploitation in organizational learning. Organ Sci. 1991;2(1):71–87. doi:https://doi.org/10.1287/orsc.2.1.71.
- Lezzi M, Lazoi M, Corallo A. Cybersecurity for industry 4.0 in the current literature: a reference framework. Comp in Industr. 2018;103:97–110. doi:https://doi.org/10.1016/j.compind.2018.09.004.
- Rees LP, Deane JK, Rakes TR, Baker WH. Decision support for cybersecurity risk planning. Decis Support Syst. 2011;51(3):493–505. doi:https://doi.org/10.1016/j.dss.2011.02.013.
- Paul JA, Wang X. Socially optimal IT investment for cybersecurity. Decis Support Syst. 2019;122:1–12.
- Paté-Cornell M, Kuypers M, Smith M, Keller P. Cyber risk management for critical infrastructure: a risk analysis model and three case studies. Risk Anal. 2018;38(2):226–41. doi:https://doi.org/10.1111/risa.12844.
- Chen P, Kataria G, Krishnan R. Correlated failures, diversification, and information security risk management. MIS Quar. 2011;35(2):397–422. doi:https://doi.org/10.2307/23044049.
- Mukhopadhyay A, Chatterjee S, Saha D, Mahanti A, Sadhukhan SK. Cyber-risk decision models: to insure IT or not? Decis Support Syst. 2013;56:11–26. doi:https://doi.org/10.1016/j.dss.2013.04.004.
- Ahmad A, Maynard SB, Shanks G, Case A. Analysis of information systems and security incident responses. Int J Inf Manage. 2015;35(6):717–23. doi:https://doi.org/10.1016/j.ijinfomgt.2015.08.001.
- Imran M, Arif T, Shoab M. A statistical and theoretical analysis of cyberthreats and its impact on industries. Int J Sci Res Comp Sci Appl Manage Stud. 2018;7:1–7.
- Jouini M, Rabai LBA, Aissa AB. Classification of security threats in information systems. Procedia Comp Sci. 2014;32:489–96.
- Paoli L, Visschers J, Verstraete C. The impact of cybercrime on businesses: a novel conceptual framework and its application to Belgium. Crime Law Soc Change. 2018;70:397–420. doi:https://doi.org/10.1007/s10611-018-9774-y.
- Jang-Jaccard J, Nepal SA. Survey of emerging threats in cybersecurity. J Comp Syst Sci. 2014;80:973–93. doi:https://doi.org/10.1016/j.jcss.2014.02.005.
- Kane GC, Alavi M. Information technology and organizational learning: an investigation of exploration and exploitation processes. Organ Sci. 2007;18(5):796–812. doi:https://doi.org/10.1287/orsc.1070.0286.
- Pentland BT. Information systems and organizational learning: the social epistemology of organizational knowledge systems. Acc Manage Inf Tech. 1995;5:1–21.
- Durcikova A, Fadel KJ, Butler BS, Galletta DF. Knowledge exploration and exploitation: the impacts of psychological climate and knowledge management system access. Inf Sys Res. 2011;22(4):855–66. doi:https://doi.org/10.1287/isre.1100.0286.
- Hardy JH, Day EA, Hughes MG, Wang X, Schuelke MJ. Exploratory behavior in active learning: a between- and within-person examination. Organ Behav Hum Decis Process. 2014;125(2):98–112. doi:https://doi.org/10.1016/j.obhdp.2014.06.005.
- Hardy JH, Day EA, Arthur W. Exploration-exploitation tradeoffs and information-knowledge gaps in self-regulated learning: implications for learner-controlled training and development. Hum Resour Manage Rev. 2019;29:196–217.
- Larsson R, Bengtsson L, Henriksson K, Sparks J. The interorganizational learning dilemma: collective knowledge development in strategic alliances. Organ Sci. 1998;9(3):285–305. doi:https://doi.org/10.1287/orsc.9.3.285.
- Benitez J, Castillo A, Llorens J, Braojos J. IT-enabled knowledge ambidexterity and innovation performance in small U.S. firms: the moderator role of social media capability. Inf Manage. 2018;55:131–43.
- Ising EA, Acree AG. SEC issues guidance on cybersecurity disclosures. Insights. 2011;25:34–37.
- Angst CM, Block ES, D’Arcy J, Kelley K. When do IT security investments matter? Accounting for the influence of institutional factors in the context of healthcare data breaches. MIS Quar. 2017;41(3):893–916. doi:https://doi.org/10.25300/MISQ/2017/41.3.10.