Paper Type

Complete

Abstract

Cybersecurity risk presents a significant and growing challenge for firms. Understanding better how firms are defending themselves can help answer important questions about which controls are more effective and whether firms are investing enough in their defenses. Unfortunately, data on firm-level cybersecurity investments have been difficult for researchers to obtain at large scale. This paper describes a method for constructing firm-level cybersecurity posture metrics by aggregating a selection of data on security products tracked in the SWZD Company Information database. Our exploratory analysis demonstrates this dataset's value in enriching cybersecurity research, offering novel perspectives that could shape sector-specific best practices and enable empirical evaluation of security controls.

Paper Number

1627

Comments

SIGSEC

Share

COinS
Top 25 Paper Badge
 
Aug 16th, 12:00 AM

Construction and Analysis of a Large-Scale Firm-Level Cybersecurity Posture Dataset

Cybersecurity risk presents a significant and growing challenge for firms. Understanding better how firms are defending themselves can help answer important questions about which controls are more effective and whether firms are investing enough in their defenses. Unfortunately, data on firm-level cybersecurity investments have been difficult for researchers to obtain at large scale. This paper describes a method for constructing firm-level cybersecurity posture metrics by aggregating a selection of data on security products tracked in the SWZD Company Information database. Our exploratory analysis demonstrates this dataset's value in enriching cybersecurity research, offering novel perspectives that could shape sector-specific best practices and enable empirical evaluation of security controls.

When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.