Advanced search
Publication Cover
Journal of Organizational Computing and Electronic Commerce Volume 33, 2023 - Issue 1-2
Submit an article Journal homepage
652
Views
0
CrossRef citations to date
0
Altmetric
Research Article

CAN CYBER RISK OF HEALTH CARE FIRMS BE INSURED? A MULTINOMIAL LOGISTIC REGRESSION MODEL

Swati JainInformation Technology and Systems, Indian Institute of Management Lucknow, Lucknow, IndiaCorrespondence[email protected]
ORCID Iconhttps://orcid.org/0000-0003-2445-8107View further author information
ORCID Icon,
Arunabha MukhopadhyayInformation Technology and Systems, Indian Institute of Management Lucknow, Lucknow, IndiaView further author information
&
Saloni JainInformation Technology and Systems, Indian Institute of Management Lucknow, Lucknow, IndiaView further author information
Pages 41-69 | Published online: 10 Aug 2023

References

  • Abraham, C., D. Chatterjee, and R. R. Sims. 2019. Muddling through cybersecurity: Insights from the US healthcare industry. Business Horizons 62 (4):539–48. doi:10.1016/j.bushor.2019.03.010.
  • Alawida, M., A. Esther Omolara, O. Isaac Abiodun, and M. Al-Rajab. 2022. A deeper look into cybersecurity issues in the wake of Covid-19: A Survey. Journal of King Saud University - Computer and Information Sciences 34 (10):8176–206. doi:10.1016/j.jksuci.2022.08.003.
  • AlGhamdi, S., K. Than Win, and E. Vlahu-Gjorgievska. 2020. Information security governance challenges and critical success factors: Systematic review. Computers & Security 99:102030. doi:10.1016/j.cose.2020.102030.
  • Almashhadani, A. O., M. Kaiiali, S. Sezer, and P. O’Kane. 2019. A multi-classifier network-based crypto ransomware detection system: a case study of locky ransomware. IEEE Access 7:47053–67. doi:10.1109/ACCESS.2019.2907485.
  • Al-Rimy, B. A. S., M. Aizaini Maarof, and S. Zainudeen Mohd Shaid. 2018. Ransomware threat success factors, taxonomy, and countermeasures: a survey and research directions. Computers & Security 74:144–66. doi:10.1016/j.cose.2018.01.001.
  • AlSadhan, T., and J. S. Park. 2021. “Leveraging information security continuous monitoring to enhance cybersecurity.” In 2021 International Conference on Computational Science and Computational Intelligence (CSCI), 753–59. doi:10.1109/CSCI54926.2021.00189.
  • Angst, C. M., E. S. Block, J. D’Arcy, and K. Kelley. 2017. When do it security investments matter? accounting for the influence of institutional factors in the context of healthcare data breaches. MIS Quarterly 41 (3):893–916. doi:10.25300/MISQ/2017/41.3.10.
  • Annette, S., and P. L. Foster. 2019. COSO: Internal Control - Integrated Framework: An Implementation Guide for the Healthcare Industry. COSO - Committee of Sponsoring Organizations of the Treadway Commission 5:5.
  • Arunabha, M., S. Chatterjee, D. Saha, A. Mahanti, and S. K. Sadhukhan. 2013. Cyber-risk decision models: To insure it or not? Decision Support Systems. 56(1):11–26.https://www.nbcnews.com/tech/security/medical-informatics-engineering-hack-exposed-data-3-9-million-people-n403351. Elsevier B.V. 2015. “Medical Informatics Engineering Hack Exposed Data on 3.9 Million People.”. 10.1016/j.dss.2013.04.004.
  • Austin, R. D., and C. A. R. Darby. 2003. “Harvard business review online | the myth of secure computing the myth of secure computing.” http://www.hbsp.org.
  • Baksi, R. P., and S. J. Upadhyaya. 2021. Decepticon: A theoretical framework to counter advanced persistent threats. Information Systems Frontiers 23 (4):897–913. doi:10.1007/s10796-020-10087-4.
  • Balaraman, P., and K. Kosalram. 2013. E –Hospital management & hospital information systems – changing trends. International Journal of Information Engineering and Electronic Business 5 (1):50–58. doi:10.5815/ijieeb.2013.01.06.
  • Baldwin, J., and A. Dehghantanha. 2018. Leveraging support vector machine for opcode density based detection of crypto-ransomware. In Cyber threat intelligence, ed. A. Dehghantanha, M. Conti, and T. Dargahi, 107–36. Cham: Springer International Publishing. doi:10.1007/978-3-319-73951-9_6.
  • Baskerville, R. L. 1993. Information systems security design methods: Implications for information systems development. ACM Computing Surveys 25 (4):375–414. doi:10.1145/162124.162127.
  • Baskerville, R. L., D. W. Straub, and S. Goodman. 2008. Strategic information security risk management. In Information security policy, processes, and practices, 112–22. Armonk, New York: ME Sharpe.
  • Becker, G. 1990. The economic approach to human behavior. Chicago: University of Chicago Press.
  • Benz, M., and D. Chatterjee. 2020. Calculated Risk? A cybersecurity evaluation tool for SMEs. Business Horizons 63 (4):531–40. 10.1016/j.bushor.2020.03.010.
  • Biswas, B., and A. Mukhopadhyay. 2018. G-RAM framework for software risk assessment and mitigation strategies in organisations. Journal of Enterprise Information Management 31 (2):276–99. doi:10.1108/JEIM-05-2017-0069.
  • Biswas, B., A. Mukhopadhyay, S. Bhattacharjee, A. Kumar, and D. Delen. 2022. A text-mining based cyber-risk assessment and mitigation framework for critical analysis of online hacker forums. Decision Support Systems 152:113651. doi:10.1016/j.dss.2021.113651.
  • Bodeau, D., S. Boyle, and J. Fabius-Greene. 2010. “Cyber Security governance a component of MITRE’ s cyber prep methodology.”
  • Böhme, R., and K. Gaurav. 2006. On the Limits of Cyber-Insurance. In Trust and Privacy in Digital Business, ed. S. Fischer-Hübner, S. Furnell, and C. Lambrinoudakis, 31–40. Berlin, HeidelbergBerlin Heidelberg: Springer. doi:10.1007/11824633_4.
  • Boss, S. R., D. F. Galletta, P. Benjamin Lowry, G. D. Moody, and P. Polak. 2015. What do systems users have to fear? using fear appeals to engender threats and fear that motivate protective security behaviors. MIS Quarterly 39 (4):837–64. doi:10.25300/MISQ/2015/39.4.5.
  • Bulgurcu B, Cavusoglu H, and Benbasat I. 2010. Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS Quarterly 34 (3):523. doi:10.2307/25750690.
  • Burns, A. J., M. Eric Johnson, and D. D. Caputo. 2019. Spear phishing in a barrel: insights from a targeted phishing campaign. Journal of Organizational Computing and Electronic Commerce. 29 (1):24–39. Taylor & Francis. doi:10.1080/10919392.2019.1552745.
  • Castilla, E., and P. J. Chocano. 2022. A new robust approach for multinomial logistic regression with complex design model. IEEE Transactions on Information Theory. 68 (11):7379–95. Institute of Electrical and Electronics Engineers Inc. doi:10.1109/TIT.2022.3187063.
  • Chadd, A.2018.DDoS Attacks: Past, present and future.Network Security. 2018 MA Business London.13–15:10.1016/S1353-4858(18)30069-2.7.
  • Chatterjee, D. 2019. Should executives go to jail over cybersecurity breaches? Journal of Organizational Computing and Electronic Commerce. 29 (1):1–3. Taylor & Francis. doi:10.1080/10919392.2019.1568713.
  • Chatterjee, D. 2021. Cybersecurity readiness: A holistic and high-performance approach. Thousand Oaks, California. doi: 10.4135/9781071837313.
  • Check, P. 2022. “Cyberattacks on the Healthcare Sector.” https://www.checkpoint.com/cyber-hub/cyber-security/what-is-healthcare-cyber-security/cyberattacks-on-the-healthcare-sector/.
  • Chen, P.-Y., G. Kataria, and R. Krishnan. 2011. Correlated failures, diversification, and information security risk management. MIS Quarterly 35 (2):397–422. Management Information Systems Research Center, University of Minnesota. doi:10.2307/23044049.
  • COBIT. 2007. “Effective IT Governance at Your Fingertips.” https://www.isaca.org/resources/cobit.
  • COBIT. 2019. “Control Objectives for Information Technologies.” ISACA Journal. https://www.isaca.org/resources/cobit.
  • Cohen, A., and N. Nissim. 2018. Trusted detection of ransomware in a private cloud using machine learning methods leveraging meta-features from volatile memory. Expert Systems with Applications 102 (C):158–78. USA: Pergamon Press, Inc. doi:10.1016/j.eswa.2018.02.039.
  • COSO. 1994. COSO: Internal Control – Integrated Framework, issued 1994.
  • Coventry, L., and D. Branley. 2018. Cybersecurity in Healthcare: A narrative review of trends, threats and ways forward. Maturitas 113 (July):48–52. doi:10.1016/j.maturitas.2018.04.008.
  • Coventry, L., D. Branley-Bell, E. Sillence, S. Magalini, P. Mari, A. Magkanaraki, and K. Anastasopoulou. 2020. Cyber-Risk in Healthcare: Exploring Facilitators and Barriers to Secure Behaviour. In HCI for Cybersecurity, Privacy and Trust, ed. A. Moallem, 105–22. Springer International Publishing.
  • Cram, W., J. Proudfoot, and J. D’Arcy. 2021. When enough is enough: Investigating the antecedents and consequences of information security fatigue. Information Systems Journal 31 (4):521–49. doi:10.1111/isj.12319.
  • Das, S., A. Mukhopadhyay, D. Saha, and S. Sadhukhan. 2019. A Markov-based model for information security risk assessment in healthcare manETs. Information Systems Frontiers 21 (5):959–77. doi:10.1007/s10796-017-9809-4.
  • Dogan, O., and B. Öztaysi. 2018. “In-store behavioral analytics technology selection using fuzzy decision making”. Journal of Enterprise Information Management. 31 (4):612–30. Emerald Publishing Limited. doi:10.1108/JEIM-02-2018-0035.
  • 2022. “DoS Vs DDos attack - l7 defense: API security solutions.” https://www.l7defense.com/cyber-security/ddos-vs-dos/.
  • Durcekova, V., L. Schwartz, and N. Shahmehri. 2012. “Sophisticated denial of service attacks aimed at application layer.” In 2012 ELEKTRO, Rajeck Teplice, Slovakia, 55–60. IEEE.
  • Dutta, K., and J. Perry. 2006. “A tale of tails: an empirical analysis of loss distribution models for estimating operational risk capital.” FRB of Boston Working Paper.
  • Eling, M. 2020. Cyber risk research in business and actuarial science. European Actuarial Journal 10 (2):303–33. doi:10.1007/s13385-020-00250-1.
  • Eling, M., and W. Schnell. 2016. What do we know about cyber risk and cyber risk insurance? The Journal of Risk Finance. 17 (5):474–91. Emerald Group Publishing Limited. doi:10.1108/JRF-09-2016-0122.
  • Elinor, T., K. L. K. Ryan, and S. Slapnicar. 2022. An exploratory study of organizational cyber resilience, its precursors and outcomes. Journal of Organizational Computing and Electronic Commerce 32 (2):153–74. Taylor & Francis. doi:10.1080/10919392.2022.2068906.
  • Estay, D. A. S., R. Sahay, M. B. Barfod, and C. D. Jensen. 2020. A systematic review of cyber-resilience assessment frameworks. Computers & Security 97:101996. Elsevier: 101996. doi:10.1016/j.cose.2020.101996.
  • Fazlida, M. R., and J. Said. 2015. Information Security: Risk, governance and implementation setback. Procedia Economics and Finance 28:243–48. doi:10.1016/S2212-5671(15)01106-5.
  • Fitzpatrick, J. R. 2021. Criticality Analysis Helping Healthcare Address the Threat of Ransomware CJA at a Glance. The Mitre corporation.
  • Gopalakrishna-Remani, V., R. Paul Jones, and K. M. Camp. 2019. Levels of EMR Adoption in U.S. Hospitals: An empirical examination of absorptive capacity, institutional pressures, top management beliefs, and participation. Information Systems Frontiers 21 (6):1325–44. doi:10.1007/s10796-018-9836-9.
  • Gordon, L. A., M. P. Loeb, and W. Lucyshyn. 2003. Information security expenditures and real options: A wait-and-see approach. Computer Security Journal 19 (2):1–7. Computer Security Institute.
  • Han, J., M. Kamber, and J. Pei. 2012. Data Mining Concepts and Techniques. USA: Morgan Kaufmann Publishers.
  • Hanus, B., and Y. “. Wu. 2016. Impact of users’ security awareness on desktop security behavior: a protection motivation theory perspective. Information Systems Management. 33 (1):2–16. Taylor & Francis. doi:10.1080/10580530.2015.1117842.
  • Harrison, A. S., P. Sullivan, A. Kubli, K. M. Wilson, A. Taylor, N. DeGregorio, J. Riggs, M. Werner-Wasik, A. Dicker, and Y. Vinogradskiy. 2022. How to respond to a ransomware attack? One radiation oncology department’s response to a cyber-attack on their record and verify system. Practical Radiation Oncology 12 (2):170–74. Elsevier Inc. doi:10.1016/j.prro.2021.09.011.
  • Harun, O., A. Aris, A. Levi, and A. Selcuk Uluagac. 2022. A survey on ransomware: evolution, taxonomy, and defense solutions. ACM Computing Surveys 54 (11s):1–37. doi:10.1145/3514229.
  • Hastie, T., R. Tibshirani, and J. Friedman. 2001. The Elements of Statistical Learning. New York, NY, USA: Springer New York Inc.
  • Health, I. S. 2021. “The threat of distributed denial-of-service attacks in healthcare.” https://healthitsecurity.com/features/the-threat-of-distributed-denial-of-service-attacks-in-healthcare.
  • Herath, T. C., H. S. B. Herath, and J. D’Arcy. 2020. Organizational adoption of information security solutions: An integrative lens based on innovation adoption and the technology- organization- environment framework. SIGMIS Database 51 (2):12–35. New York, NY, USA Association for Computing Machinery. doi:10.1145/3400043.3400046.
  • He, W., and Z. Zuopeng. 2019. Enterprise cybersecurity training and awareness programs: Recommendations for success. Journal of Organizational Computing and Electronic Commerce 29 (4):249–57. doi: 10.1080/10919392.2019.1611528.
  • HHS. 2016. “Office for Civil Rights,” no. April 2013: 1–8. https://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf.
  • HIPAA. 2014. HIPAA Security Rule Crosswalk to NIST Cybersecurity Framework. U.S. Department of Health and Human Services 1–35.
  • Hofstede, R., M. Jonker, A. Sperotto, and A. Pras. 2017. Flow-Based web application brute-force attack and compromise detection. Journal of Network and Systems Management. 25 (4):735–58. Springer New York. doi:10.1007/s10922-017-9421-4.
  • Hossack, I., J. Pollard, and B. Zehnwirth. 1983. Introductory Statistics with Applications in General Insurance, Vol. 1, 1–282. Cambridge: Cambridge University Press.
  • IBM. 2022a. Cost of a Data Breach 2022.
  • IBM. 2022b. “What is Security Information and Event Management (SIEM)?” IBM. https://www.ibm.com/in-en/topics/siem.
  • IBM Security. 2019. “IBM Cost of a Data Breach Report. Computer Fraud & Security”. 2019 (8):4–4. doi:10.1016/s1361-3723(21)00082-8.
  • IBM Security. 2020. “IBM Cost of a Data Breach ReportComputer Fraud & Security”. 2020 84–4. doi: 10.1016/s1361-3723(21)00082-88.
  • IBM Security. 2022. Definitive Guide to Ransomware 2022. IBM.
  • Jain, S., S. Jain, and A. Mukhopadhyay. 2023. Is US Healthcare Prepared to Resist a DoS Attack? In INDAM 2023 @ SBM - NMIMS MUMBAI. Mumbai.
  • Jain, S., and A. Mukhopadhyay. 2022a. “Growing menace of ransomware: its detection and mitigation.” In SOM 2022: 25th Annual International Conference of the Society of Operations Management,Indian Institute of Management Indore, 2:1–5. Indore.
  • Jain, S., and A. Mukhopadhyay. 2022b. “Impact of cyber-attack on organizations: threat exposure assessment, quantification, and mitigation.” In Bright Internet Global Summit (BIGS) 2022,Pre-International Conference on Information Systems (ICIS) 2022, Copenhagen. Copenhagen, Denmark.
  • Jain, S., and Mukhopadhyay, A. 2023. Vulnerability-based Cyber-Risk Management : A Text-mining Approach. AMCIS 2023 Proceedings 17. https://aisel.aisnet.org/amcis2023/sig_sec/sig_sec/17.
  • Jain, S., K. Sharma, and A. Mukhopadhyay. 2021. “Does network traffic slowdown impact revenue of e-commerce firms?” In 8th Pan IIM World Management Conference, IIM Kozhikode, Kozhikode, India, 587–94. Kozhikode.
  • Jeyaraj, A., and A. Zadeh. 2020. Institutional isomorphism in organizational cybersecurity: A text analytics approach. Journal of Organizational Computing and Electronic Commerce. 30 (4):361–80. Taylor & Francis. doi:10.1080/10919392.2020.1776033.
  • Juhee, K., and M. Eric Johnson. 2018. Meaningful Healthcare Security: Does meaningful-use attestation improve information security performance? MIS Quarterly: Management Information Systems 42 (4):1043–67. doi:10.25300/MISQ/2018/13580.
  • Kandasamy, K., S. Srinivas, K. Achuthan, and V. P. Rangan. 2022. “Digital healthcare-cyberattacks in Asian organizations: An analysis of vulnerabilities, risks, nist perspectives, and recommendations.“ IEEE Access 10:12345–64.
  • Kaspersky. 2015. “Collateral Damage: 26% of DDoS Attacks Lead to Data Loss.” https://www.kaspersky.com/about/press-releases/2015_collateral-damage-26-of-ddos-attacks-lead-to-data-loss.
  • Kleindorfer, P. R., and H. Kunreuther. 1999. The complementary roles of mitigation and insurance in managing catastrophic risks. Risk Analysis. 19 (4):727–38. Wiley Online Library. doi:10.1111/j.1539-6924.1999.tb00442.x.
  • Kotenko, I., and A. Chechulin. 2013. “A cyber attack modeling and impact assessment framework.” 2013 5th International Conference on Cyber Conflict (CYCON 2013), Tallinn, Estonia, 1–24.
  • Kugler, R. L. 2021. Deterrence of Cyber Attacks. Angewandte Chemie International Edition 6 (11):951–952. 2013–15.
  • Kwon, J., and M. Johnson. 2014. Proactive versus reactive security investments in the healthcare sector. MIS Quarterly 38 (June):451–71. doi:10.25300/MISQ/2014/38.2.06.
  • Lee, Y., and K. R. Larsen. 2009. Threat or coping appraisal: Determinants of SMB executives’ decision to adopt anti-malware software. European Journal of Information Systems. 18 (2):177–87. Taylor & Francis. doi:10.1057/ejis.2009.11.
  • Li, H., S. Yoo, and W. J. Kettinger. 2021. The roles of it strategies and security investments in reducing organizational security breaches. Journal of Management Information Systems. 38 (1):222–45. Routledge. doi:10.1080/07421222.2021.1870390.
  • Malatji, M. 2022. “Industrial Control Systems Cybersecurity: Back to Basic Cyber Hygiene Practices.” In 2022 International Conference on Electrical, Computer and Energy Technologies (ICECET), 1–7. doi:10.1109/ICECET55527.2022.9872810.
  • Marotta, A., F. Martinelli, S. Nanni, A. Orlando, and A. Yautsiukhin. 2017. Cyber-Insurance Survey. Computer Science Review 24:35–61. doi:10.1016/j.cosrev.2017.01.001.
  • Martin, G., P. Martin, C. Hankin, A. Darzi, and J. Kinross. 2017 July. Cybersecurity and Healthcare: How safe are we? BMJ j3179. doi:10.1136/bmj.j3179.
  • Miloević, J., H. Sandberg, and K. Henrik Johansson. 2018. Estimating the Impact of Cyber-Attack Strategies for Stochastic Control Systems. ArXiv: Systems and Control.
  • Mirkovic, J., and P. Reiher. 2004. A taxonomy of ddos attack and ddos defense mechanisms. SIGCOMM Computer Communication Review 34 (2):39–53. New York, NY, USA Association for Computing Machinery. doi:10.1145/997150.997156.
  • Montesino, R., S. Fenz, and W. Baluja. 2012. SIEM‐based Framework for Security Controls Automation. Information Management & Computer Security. 20 (4):248–63. Emerald Group Publishing Limited. doi:10.1108/09685221211267639.
  • Muckin, M., and S. C. Fitch. 2019. A Threat-Driven Approach to Cyber Security. Lockheed Martin Corporation, 1–45.
  • Muhly, F., Ö. Işik, and P. Leo. 2022. The Ransomware Dilemma. MIT Sloan Management Review. https://sloanreview.mit.edu/article/the-ransomware-dilemma/.
  • Mukhopadhyay, A., S. Chatterjee, K. K. Bagchi, P. J. Kirs, and G. K. Shukla. 2019. Cyber risk assessment and mitigation (cram) framework using logit and probit models for cyber insurance. Information Systems Frontiers 21 (5):997–1018. doi:10.1007/s10796-017-9808-5.
  • NBC News. 2015. Medical Informatics Engineering Hack Exposed Data on 3.9 Million People. https://www.nbcnews.com/tech/security/medical-informatics-engineering-hack-exposed-data-3-9-million-people-n403351
  • NIST. 1990. “Health IT.” https://www.nist.gov/health-it.
  • NIST. 2014. “Framework for Improving Critical Infrastructure Cybersecurity.” https://www.nist.gov/system/files/documents/cyberframework/cybersecurity-framework-021214.pdf.
  • NIST2018The Five Functions NIST. Gaithersburg, MDApril1610.6028/NIST.CSWP.04162018
  • NIST. 2022a. “Advanced DDoS Mitigation Techniques.” https://www.nist.gov/programs-projects/advanced-ddos-mitigation-techniques.
  • NIST. 2022b. Getting started with cybersecurity risk management: Ransomware. https://csrc.nist.gov/pubs/other/2022/02/24/getting-started-with-cybersecurity-risk-management/final.
  • Olt, C., T. U. Darmstadt, T. U. Darmstadt, P. Buxmann, T. Universität Darmstadt, and C. M. Olt. 2019. “Association for Information Systems AIS Electronic Library (AISeL) on the Benefits of senior executives ’ information security awareness on the benefits of senior executives ’ information security awareness completed research paper.”
  • Palanisamy, R., A. Anir Norman, and M. Laiha Mat Kiah. 2021. BYOD security risks and mitigation strategies: insights from it security experts. Journal of Organizational Computing and Electronic Commerce 31 (4):320–42. Taylor & Francis. doi:10.1080/10919392.2022.2028530.
  • Pal, S., and A. Mukhopadhyay. 2018a. “Cyber risk quantification and mitigation framework for healthcare using machine learning.“ Americas Conference on Information Systems 2018: Digital Disruption 1–10.
  • Pal, S., and A. Mukhopadhyay. 2018b. “Framework to Explain Factors Affecting Severity of Exposure of Medical Data Breach: A Statistical Analysis.” Americas Conference on Information Systems 2018: Digital Disruption, AMCIS 2018, 1–5.
  • Pang, M. S., and H. Tanriverdi. 2022. Strategic roles of it modernization and cloud migration in reducing cybersecurity risks of organizations: the case of u.s. federal government. Journal of Strategic Information Systems 31 (1):1. doi:10.1016/j.jsis.2022.101707.
  • Porter, M. E., C. M. Christensen, W. Chan Kim, and R. A. Mauborgne. 2022. HBR at 100: The most influential and innovative articles from Harvard business review’s first century. Brighton, Massachusetts: Harvard Business Press.
  • Poyraz, O. I., M. Canan, C. A. P. Michael McShane, T. Steven Cotter, and T. S. Cotter. 2020. Cyber assets at risk: Monetary impact of u.s. personally identifiable information mega data breaches. The Geneva Papers on Risk and Insurance - Issues and Practice 45 (4):616–38. doi:10.1057/s41288-020-00185-4.
  • Ramesh, G., and A. Menen. 2020. Automated dynamic approach for detecting ransomware using finite-state machine. Decision Support Systems. 138 (January):113400. Elsevier. doi:10.1016/j.dss.2020.113400.
  • Ransbotham, S., and S. Mitra. 2009. Choice and Chance: A conceptual model of paths to information security compromise. Information Systems Research. 20 (1):121–39. INFORMS. doi:10.1287/isre.1080.0174.
  • Redscan. 2020. “Premera Blue Cross Phishing Attack.” https://www.redscan.com/news/premera-blue-cross-phishing-attack/.
  • Rees, J., and J. Allen. 2008. The state of risk assessment practices in information security: An exploratory investigation. Journal of Organizational Computing and Electronic Commerce 18 (4):255–77. doi:10.1080/10919390802421242.
  • Renaud, K., M. Warkentin, and G. Westerman. 2023. From ChatGPT to HackGPT: Meeting the cybersecurity threat of generative AI. MIT Sloan Management Review.
  • Riegler, M., J. Sametinger, and J. W. Rozenblit. 2022. “Context-Aware Security Modes For Medical Devices.” In 2022 Annual Modeling and Simulation Conference (ANNSIM), 372–82. doi:10.23919/ANNSIM55834.2022.9859283.
  • Roberts, P. 2015. “DDoS as a Cover for Data Theft.” https://www.digitalguardian.com/blog/ddos-cover-data-theft.
  • Rocha, A., and S. Klein Goldenstein. 2013. Multiclass from binary: Expanding one-versus-all, one-versus-one and ecoc-based approaches. IEEE Transactions on Neural Networks and Learning Systems. 25 (2):289–302. IEEE. doi:10.1109/TNNLS.2013.2274735.
  • Rodrigue, M., M. Magnan, and C. Cho. April 2013. Is environmental governance substantive or symbolic? An empirical investigation. Journal of Business Ethics 114(1):107–29. doi: 10.1007/s10551-012-1331-5.
  • Rogers, R. W. 1975. A protection motivation theory of fear appeals and attitude change1. The Journal of Psychology 91 (1):93–114. doi:10.1080/00223980.1975.9915803.
  • Santini, P., G. Gottardi, M. Baldi, and F. Chiaraluce. 2019. A data-driven approach to cyber risk assessment. Security and Communication Networks 2019:1–8. 2019. Hindawi. doi:10.1155/2019/6716918.
  • Schlette, D., M. Caselli, and G. Pernul. 2021. A comparative study on cyber threat intelligence: The security incident response perspective. IEEE Communications Surveys & Tutorials 23 (4):2525–56. doi:10.1109/COMST.2021.3117338.
  • Security, I. B. M. 2022. “Cost of a data breach report.”
  • Security Rule, H. I. P. A. A. 2003. Health insurance reform: Security standards. final rule. Federal Register 68 (34):8334–81.
  • Sen, R., and S. Borle. 2015. Estimating the contextual risk of data breach: An empirical approach. Journal of Management Information Systems. 32 (2):314–41. Routledge. doi:10.1080/07421222.2015.1063315.
  • Sharma, K., and A. Mukhopadhyay. 2021. Kernel naïve Bayes classifier-based cyber-risk assessment and mitigation framework for online gaming platforms. Journal of Organizational Computing and Electronic Commerce. 31 (4):343–63. Taylor & Francis. doi:10.1080/10919392.2021.1987790.
  • Sharma, K., and A. Mukhopadhyay. 2022a. Cyber-risk management framework for online gaming firms: An artificial neural network approach. Information Systems Frontiers. doi:10.1007/s10796-021-10232-7.
  • Sharma, K., and A. Mukhopadhyay. 2022b. Sarima-based cyber-risk assessment and mitigation model for a smart city’s traffic management systems (Scram). Journal of Organizational Computing and Electronic Commerce 32 (1):1–20. doi:10.1080/10919392.2022.2054259.
  • Smith, C. 2018. Cybersecurity implications in an interconnected healthcare system. Frontiers of Health Services Management 35 (1):37–40. doi:10.1097/HAP.0000000000000039.
  • Solomon, A., M. Michaelshvili, R. Bitton, B. Shapira, L. Rokach, R. Puzis, and A. Shabtai. 2022. Contextual security awareness: a context-based approach for assessing the security awareness of users. Knowledge-Based Systems 246:108709. doi:10.1016/j.knosys.2022.108709.
  • Souppaya, M., and K. Scarfone. 2013. Guide to malware incident prevention and handling for desktops and laptops. NIST Special Publication 800. doi:10.6028/NIST.SP.800-83r1%0A.
  • Straub, D. W., and R. J. Welke. 1998. Coping with systems risk: Security planning models for management decision making. MIS Quarterly: Management Information Systems 22 (4):441–64. doi:10.2307/249551.
  • Tanriverdi, H., J. Kwon, and I. Ghiyoung 2020. “Data breaches in multihospital systems: antecedents and mitigation mechanisms.” In ICIS 2020 Proceedings. International Conference on Information Systems, ICIS. Association for Information Systems. https://icis2020.aisconferences.org/.
  • Tarafdar, P., and I. Bose. 2019. Systems theoretic process analysis of information security: the case of aadhaar. Journal of Organizational Computing and Electronic Commerce 29 (3):209–22. doi:10.1080/10919392.2019.1598608.
  • Ten, C.-W., G. Manimaran, and C.-C. Liu. 2010. Cybersecurity for critical infrastructures: attack and defense modeling. IEEE Transactions on Systems, Man, and Cybernetics - Part A: Systems and Humans 40 (4):853–65. doi:10.1109/TSMCA.2010.2048028.
  • Thapngam, T., Y. Shui, W. Zhou, and S. Kami Makki. 2014. Distributed denial of service (ddos) detection by traffic pattern analysis. Peer-To-Peer Networking and Applications. 7 (4):346–58. Springer. doi:10.1007/s12083-012-0173-3.
  • Thomas, J. 2018. Individual cyber security: Empowering employees to resist spear phishing to prevent identity theft and ransomware attacks. International Journal of Business & Management 13 (6):1. doi:10.5539/ijbm.v13n6p1.
  • Trinity Health. 2020. “Blackbaud recovery Hartford, Connecticut (ct), Trinity Health of New England.” https://www.trinityhealthofne.org/about-us/blackbaud-recovery.
  • Tripathi, M., and A. Mukhopadhyay. 2020. Financial loss due to a data privacy breach: An empirical analysis. Journal of Organizational Computing and Electronic Commerce. 30 (4):381–400. Taylor & Francis. doi:10.1080/10919392.2020.1818521.
  • Tripathi, M., and A. Mukhopadhyay. 2022a. Does privacy breach affect firm performance? An analysis incorporating event-induced changes and event clustering. Information & Management 59 (8):103707. doi:10.1016/j.im.2022.103707.
  • Tripathi, M., and A. Mukhopadhyay. September 2022b. Does privacy breach affect firm performance? An analysis incorporating event-induced changes and event clustering. Information & Management 59 (8):103707. doi:10.1016/j.im.2022.103707.
  • UpGuard. 2023. “Biggest cyber threats in healthcare.” https://www.upguard.com/blog/biggest-cyber-threats-in-healthcare.
  • US-CERT. 2012. “Data backup options.” https://www.cisa.gov/uscert/sites/default/files/publications/data_backup_options.pdf.
  • The Verge. 2020. “Amazon says it mitigated the largest ddos attack ever recorded.” https://www.theverge.com/2020/6/18/21295337/amazon-aws-biggest-ddos-attack-ever-2-3-tbps-shield-github-netscout-arbor.
  • Viswanath Prakash, A., and S. Das. 2020. “Would you trust a bot for healthcare advice? an empirical investigation.” In. PACIS 2020 Proceedings. aisel.aisnet.org/pacis2020/62.
  • Wang, J., A. Chaudhury, and R. Rao. 2008. Research note —a value-at-risk approach to information security investment. Information Systems Research 19 (March):106–20. doi:10.1287/isre.1070.0143.
  • Wang, J., M. Gupta, and H. Raghav Rao. 2015. Insider threats in a financial institution. MIS Quarterly. 39 (1):91–112. https://www.jstor.org/stable/26628342.
  • Wang, T., K. Kannan, and J. Ulmer. January 2013. The association between the disclosure and the realization of information security risk factors. Information Systems Research 24(2):201–18. doi: 10.2139/ssrn.1083992.
  • Weixun, L., A. C. M. L. Wilson, and W. Thoo Yue. 2023. Where is it in information security? the interrelationship among it investment, security awareness, and data breaches. MIS Quarterly 47 (1):317–42. doi:10.25300/MISQ/2022/15713.
  • Williams, M. 2022. “Healthcare data breaches & DDoS Attacks: A rising threat?” https://www.verizon.com/business/resources/articles/s/healthcare-data-breaches-and-ddos-in-healthcare/.
  • Zhang, C., P. Junbiao, and X. Jingwei. 2019. An advanced persistent distributed denial-of-service attacked dynamical model on networks. In Discrete Dynamics in Nature and Society, ed. C. Qian, 2051489. Hindawi. doi:10.1155/2019/2051489.
  • Zuhair, H., A. Selamat, and O. Krejcar. 2020. A multi-tier streaming analytics model of 0-day ransomware detection using machine learning. Applied Sciences 10 (9). doi:10.3390/app10093210.

Reprints and Corporate Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

To request a reprint or corporate permissions for this article, please click on the relevant link below:

Order Reprints Request Corporate Permissions

Academic Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

Obtain permissions instantly via Rightslink by clicking on the button below:

Request Academic Permissions

If you are unable to obtain permissions via Rightslink, please complete and submit this Permissions form. For more information, please visit our Permissions help page.

Related research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.