3,638 research outputs found

    Impact of cyberattacks on stock performance: a comparative study

    The study uses cyberattack announcements on 96 firms that are listed on the S&P 500 over the period from January 03, 2013 to December 29, 2017. The empirical analysis was performed in two ways: cross-section and industry level. We employ statistical tests that account for the effects of cross-section correlation in returns, returns series correlation, volatility changes, and skewness in the returns, and the results show the following. For the cross-section analysis, the outcome shows that the market does not significantly react to cyberattacks for all the event windows except [-30, 30], while the sector-level analysis offers two main results. First, while there is a firm reaction to cyberattacks for the long event window for the retail sector, there is no evidence of a cumulative firm reaction to cyberattacks for both short and long event windows for the industrial, information technology and health sectors.
Second, for firms in the financial sector, there is strong evidence of a cumulative reaction to cyberattacks for [-1, 1], and the reactions disappear for relatively longer event windows. These imply that (1) studying the cumulative effects of cyberattacks on prices of listed firms without grouping them into the various sectors may be non-informative, (2) the financial sector firms tend to react cumulatively to cyberattacks over a 3-day period more than other sectors, (3) technology firms tend to be less reactive to the announcement of a data breach, possibly because such firms may have the necessary tools and techniques to address large-scale cyberattacks. The work provides new insights into the effect of cyber security on stock prices

    The Federal Information Security Management Act of 2002: A Potemkin Village

    Due to the daunting possibilities of cyberwarfare, and the ease with which cyberattacks may be conducted, the United Nations has warned that the next world war could be initiated through worldwide cyberattacks between countries. In response to the growing threat of cyberwarfare and the increasing importance of information security, Congress passed the Federal Information Security Management Act of 2002 (FISMA). FISMA recognizes the importance of information security to the national economic and security interests of the United States. However, this Note argues that FISMA has failed to significantly bolster information security, primarily because FISMA treats information security as a technological problem and not an economic problem. This Note analyzes existing proposals to incentivize heightened software quality assurance, and proposes a new solution designed to strengthen federal information security in light of the failings of FISMA and the trappings of Congress’s 2001 amendment to the Computer Fraud and Abuse Act

    Responding to Election Meddling in the Cyberspace: An International Law Case Study on the Russian Interference in the 2016 Presidential Election

    International law is not the most perfect legal regime, and, perhaps to no one’s surprise, it is even less perfect in cyberspace. The United States has been a victim to a series of malicious cyber operations in recent years, and the key question is how to respond to and deter them. This Article offers a detailed survey of the Russian interference in the 2016 presidential election in the context of international law. Adapting the framework created by Tallinn Manual 2.0, the Article examines the international legal basis of the response measures employed by the United States and other possible alternative responses to the Russian operation. It concludes that none of these responses are both squarely supported by international law and desirable as a matter of national security policy. This Article intends to show that international law contains considerable gray areas in the cyber realm that allow sophisticated adversaries like Russia to harm the core interest of the United States without substantial legal repercussions. The Article concludes by suggesting that a deterrence mechanism based on proactive national security policy would be more effective and practical than one based on international law

    Freedom on the Net 2014 - Tightening the Net: Governments Expand Online Controls (Summary)

    Internet freedom around the world has declined for the fourth consecutive year, with a growing number of countries introducing online censorship and monitoring practices that are simultaneously more aggressive and more sophisticated in their targeting of individual users. This booklet is a summary of findings for the 2014 edition of "Freedom on the Net."

    Cyberwarfare and the Use of Force Giving Rise to the Right of Self-Defense

    Cyberwarfare represents a novel weapon that has the potential to alter the way state and non-state actors conduct modern war. The unique nature of the threat and the ability for cyberwar practitioners to inflict injury, death, and physical destruction via cyberspace strains traditional definitions of the use of force. In order to clearly delineate the rights of the parties involved, including the right to self-defense, the international community must come to some consensus on the meaning of cyberwarfare within the existing jus ad bellum paradigm. After examining the shortcomings inherent in classifying cyberattacks according to classical notions of kinetic warfare, this Note argues that international law should afford protection for states who initiate a good-faith response to a cyberattack, especially when the attack targets critical national infrastructure

    Perspective: manufacturers should be liable when computer bugs leave consumers in the lurch

    Auto makers are responsible for the safety and reliability of their cars. So why shouldn't software makers be held responsible for buggy computer programs? Computers; Consumer protection

    Strategic Management of the Organizations Cybersecurity: Conceptual Model of the Structure, Principles, and the Best Practices for Organizational Cybersecurity Excellence

    Top management sees cybersecurity threats as one of the biggest concerns to their organisations, and they have a good reason. Cyberattacks are increasing all over the world in scale and in sophistication. Regulators are demanding that organisations protect their user data, with severe penalties if an organisation fails to comply. This study aims to address that concern by studying what has been done lately and, based on that understanding, by developing a new conceptual model that organisations can use to improve their strategic cybersecurity management. The research starts with two research questions: What is the current situation of the organisations in the field of strategic cybersecurity management? and what kind of models, frameworks, principles, and practices do we need to develop to achieve organizational cybersecurity excellence? This study is conducted using a mixed methods research approach, starting from an extensive literature review and a theoretical framework from the latest scientific research using a qualitative research method, and continuing with mainly secondary but also primary data collection using a quantitative research method. Both research methods are used to answer the same research questions. Comparative and descriptive analysis is used to understand different quantities and perspectives, and to understand the current situation in the field of strategic cybersecurity management. Based on the literature review, theoretical framework, presented cybersecurity standards and frameworks, in-depth analysis, researcher’s observations, other findings, researcher's empirical experience, and improvement ideas that surfaced during this study, a new conceptual strategic cybersecurity management model is developed to improve organisations' strategic cybersecurity management. The conceptual model is a framework and contains three strategic choices that can act as guiding principles or practices to improve organisations' cybersecurity.
The originality of this study is that it proposes three strategic choices that organisations should use to improve their strategic cybersecurity management and to move towards cybersecurity excellence. These three proposed strategic choices are complete ownership, which is controversial to the current trend; secure by design, which is not normally used; and border control, which can be compared to nations' border control but in cyberspace. The model is represented in this study with simple execution examples and does not exclude any other strategic cybersecurity management practices. The top management of organisations sees cybersecurity threats as one of their biggest concerns, and they have good reason to. Cyberattacks have increased all over the world in both scale and sophistication. Regulators require organisations to protect their user data, with severe penalties if organisations do not comply with the regulators' requirements. This study aims to address this concern by examining what organisations have done recently and, based on that understanding, by developing a new conceptual model with which organisations can improve their strategic cybersecurity management. The research starts with two research questions: What is the current situation of organisations in the field of strategic cybersecurity management? and what kinds of models, structures, principles and practices do we need to develop to achieve organisational cybersecurity excellence? This study was carried out using a combination of qualitative and quantitative research methods. It starts from an extensive literature review and a theoretical framework drawn from the latest scientific research, using a qualitative research method, and continues with mainly secondary but also primary data collection, using a quantitative research method. Both research methods are used to answer the same research questions.
Comparative and descriptive analysis is used to understand different quantities and perspectives and to understand the current situation in the field of strategic cybersecurity management. Based on the literature review, the theoretical framework, the cybersecurity standards and frameworks presented, in-depth analysis, the researcher's observations, other findings, the researcher's empirical experience, and improvement ideas that surfaced during this study, a new conceptual strategic cybersecurity management model is developed to support organisations. The conceptual model is a framework and contains three strategic choices that can act as guiding principles or practices for improving an organisation's cybersecurity. The contribution of this study is that it proposes three strategic choices that organisations should use to improve their strategic cybersecurity management and to move towards cybersecurity excellence. These three proposed strategic choices are complete ownership, which is controversial with respect to the current trend; secure by design, which is not normally used; and border control, which can be compared to nations' border control, but in cyberspace. The model is presented in this study with simple execution examples and does not exclude other strategic cybersecurity management practices

    Eleven years of cyberattacks on Chinese supply chains in an era of cyber warfare, a review and future research agenda

    Purpose – The contribution of this study is twofold: First, it provides an overview of the current state of research on cyberattacks on Chinese supply chains (SCs). Second, it offers a look at the Chinese Government’s approach to fighting cyberattacks on Chinese SCs and its calls for global governance. Design/methodology/approach – A comprehensive literature review was conducted on Clarivate Analytics’ Web of Science, in Social Sciences Citation Index journals, Scopus and Google Scholar, published between 2010–2021. A systematic review of practitioner literature was also conducted. Findings – Chinese SCs have become a matter of national security, especially in the era of cyber warfare. The risks to SC have been outlined. Cybersecurity regulations are increasing as China aims to build a robust environment for cyberspace development. Using the Technology-organization-environment (TOE) framework, the results show that the top five factors influencing the adoption process in firms are as follows: relative advantage and technological readiness (Technology context); top management support and firm size (Organization context) and government policy and regulations (Environment context). Research limitations/implications – This review focuses on cyberattacks on Chinese SCs and great care was taken when selecting search terms. However, the author acknowledges that the choice of databases/terms may have excluded a few articles on cyberattacks from this review. Practical implications – This review provides managerial insights for SC practitioners into how cyberattacks have the potential to disrupt the global SC network. Originality/value – Past researchers proposed a taxonomic approach to evaluate progress with SC integration into Industry 4.0; in contrast, this study is one of the first steps toward an enhanced understanding of cyberattacks on Chinese SCs and their contribution to the global SC network using the TOE framework

    Strategies for Mitigating Cyberattacks Against Small Retail Businesses

    Small retail businesses are increasingly becoming targets for social media cyberattacks, often losing profitability when forced to close operations after a cyberattack. Small retail business leaders are concerned with the negative impact of cyberattacks on firms’ viability and competitiveness. Grounded in general systems theory, the purpose of this qualitative multiple-case study was to explore strategies retail leaders use to deter social media cyberattacks. The participants were 11 small retail business leaders. Data were collected using semistructured interviews and analyzed using thematic analysis. Three themes emerged: using multiple strategies to deter social media cyberattacks, importance of training regarding cybersecurity best practices, and the need for a contingency plan. A key recommendation is for small retail business leaders to provide employees and customers with training regarding proper cybersecurity protocols. The implications for positive social change include the potential to improve cybersecurity measures and enhance a small business’ viability and employment opportunities, positively impacting local communities and tax revenues