SIG SEC - Information Security and Privacy
Loading...
Paper Type
ERF
Paper Number
1618
Description
The purpose of this study is to better understand the most effective remedial actions taken by an organization after an adverse cyber event (ACE). This is accomplished through the analysis of firm post event actions. A framework is constructed utilizing concepts deployed in Business Impact Analysis (BIA) within a cybersecurity and operational technology context. The concepts from BIA are integrated with stock price performance as a proxy of the value of a firm both pre and post-ACE. The comparative analysis of firm stock price and recuperative activities are considered in order to understand the most impactful remedial actions (RA) to the firm's perceived value relevant to the activities. The result can be utilized to find effective post remedial actions and the estimated time for recovery of a company’s stock price to non-negative excess returns prior to an ACE. This research will contribute to developing academic and practical knowledge within the areas of cybersecurity, impact mitigation, and firm performance.
Recommended Citation
Bernot, Jordan E. F. and Kim, Dan J., "Firms Data Breach and Ransomware Exposure and Recovery Through the Analysis of Post Factum Remedial Actions" (2022). AMCIS 2022 Proceedings. 5.
https://aisel.aisnet.org/amcis2022/sig_sec/sig_sec/5
Firms Data Breach and Ransomware Exposure and Recovery Through the Analysis of Post Factum Remedial Actions
The purpose of this study is to better understand the most effective remedial actions taken by an organization after an adverse cyber event (ACE). This is accomplished through the analysis of firm post event actions. A framework is constructed utilizing concepts deployed in Business Impact Analysis (BIA) within a cybersecurity and operational technology context. The concepts from BIA are integrated with stock price performance as a proxy of the value of a firm both pre and post-ACE. The comparative analysis of firm stock price and recuperative activities are considered in order to understand the most impactful remedial actions (RA) to the firm's perceived value relevant to the activities. The result can be utilized to find effective post remedial actions and the estimated time for recovery of a company’s stock price to non-negative excess returns prior to an ACE. This research will contribute to developing academic and practical knowledge within the areas of cybersecurity, impact mitigation, and firm performance.
When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.
Comments
SIG SEC