More Security, less Harm? Exploring the Link between Security Measures and Direct Costs of Cyber Incidents within Firms using PLS-PM

Presenter Information

Bennet Simon von Skarczinski, PricewaterhouseCoopers (PwC) Germany, GermanyFollow
Arne Dreissigacker, Criminological Research Institute of Lower Saxony (KFN), GermanyFollow
Frank Teuteberg, University of Osnabrueck, GermanyFollow

Description

As one of the first articles to empirically explore the direct costs of cyber incidents, our research provides novel and significant insights into the structural links between cyber incidents, exposure, and security within firms, as well as the related technical consequences. We employ an explorative approach, which is based on the causal information/cyber risk models proposed by Cohen et al. and Woods & Böhme, as well as PLS-modeling to analyze data from 493 firms that have incurred direct costs from their most severe cyber incident in the last 12 months. These data are part of a larger dataset, based on a representative and stratified random sample of 5,000 organizations that participated in a survey in 2018/19. Based on our model, we discuss the results and derive implications that are highly relevant to the alignment of IT (security) strategy and management. Furthermore, we identify gaps to be assessed in future research.

Recommended Citation

von Skarczinski, Bennet Simon; Dreissigacker, Arne; and Teuteberg, Frank, "More Security, less Harm? Exploring the Link between Security Measures and Direct Costs of Cyber Incidents within Firms using PLS-PM" (2022). Wirtschaftsinformatik 2022 Proceedings. 2.
https://aisel.aisnet.org/wi2022/it_strategy/it_strategy/2