Toward enhancing the information base on costs of cyber incidents: implications from literature and a large-scale survey conducted in Germany

  • von Skarczinski B
  • Dreißigacker A
  • Teuteberg F

Abstract

Purpose: Literature repeatedly complains about the lack of empirical data on the costs of cyber incidents within organizations. Simultaneously, managers urgently require transparent and reliable data in order to make well-informed and cost-benefit optimized decisions. The purpose of this paper is to (1) provide managers with differentiated empirical data on costs, and (2) derive an activity plan for organizations, the government and academia to improve the information base on the costs of cyber incidents.

Design/methodology/approach: The authors analyze the benchmark potential of costs within existing literature and conduct a large-scale interview survey with 5,000 German organizations. These costs are directly assignable to the most severe incident within the last 12 months, further categorized into attack types, cost items, employee classes and industry types. Based on previous literature, expert interviews and the empirical results, the authors draft an activity plan containing further research questions and action items.

Findings: The findings indicate that the majority of organizations suffer little to no costs, whereas only a small proportion suffers high costs. However, organizations are not affected equally since prevalence rates and costs according to attack types, employee classes, and other variables tend to vary. Moreover, the findings indicate that board members and IS/IT-managers show partly different response behaviors.

Originality/value: The authors present differentiated insights into the direct costs of cyber incidents. To the authors' knowledge, this is the largest empirical survey in continental Europe and one of the first surveys providing in-depth cost information on German organizations.

Cite

von Skarczinski, B. S., Dreißigacker, A., & Teuteberg, F. (2022). Toward enhancing the information base on costs of cyber incidents: implications from literature and a large-scale survey conducted in Germany. Organizational Cybersecurity Journal: Practice, Process and People, 2(2), 79–112. https://doi.org/10.1108/ocj-08-2021-0020
