Abstract
Cyber risk has been characterized as one of the top 10 global business risks. New threats brought on by technology developments such as the Internet of Things introduce new vulnerabilities to the firm, increasing the potential frequency and impact of cyberattacks. Current theory lacks a comprehensive framework for understanding the complex interactions that occur within an organization during a breach. To that end, we develop the Cyber-Based View (CBV) of the firm, a multidimensional conceptualization of firm readiness for a cyberattack. We demonstrate how the CBV fills a gap in the existing theory by incorporating physical, cognitive, and informational dimensions into a single framework. We show the utility of the CBV by applying the framework to analyze the Stuxnet cyberattack.
Recommended Citation
Schwartz, Tamara; Schuff, David; and Wray, Matt, "A Dynamic Cyber-Based View of the Firm" (2019). AMCIS 2019 Proceedings. 33.
https://aisel.aisnet.org/amcis2019/info_security_privacy/info_security_privacy/33
A Dynamic Cyber-Based View of the Firm
Cyber risk has been characterized as one of the top 10 global business risks. New threats brought on by technology developments such as the Internet of Things introduce new vulnerabilities to the firm, increasing the potential frequency and impact of cyberattacks. Current theory lacks a comprehensive framework for understanding the complex interactions that occur within an organization during a breach. To that end, we develop the Cyber-Based View (CBV) of the firm, a multidimensional conceptualization of firm readiness for a cyberattack. We demonstrate how the CBV fills a gap in the existing theory by incorporating physical, cognitive, and informational dimensions into a single framework. We show the utility of the CBV by applying the framework to analyze the Stuxnet cyberattack.