57 résultats
pour « cybersecurity »
"Using the lab, in numerical case studies, we identify two classes of measures to control systemic cyber risks: security- and topology-based interventions. We discuss the implications of our findings on selected real-world cybersecurity measures currently applied in the insurance and regulation practice or under discussion for future cyber risk control. To this end, we provide a brief overview of the current cybersecurity regulation and emphasize the role of insurance companies as private regulators."
"We believe our paper adds to the important body of cybersecurity literature that explores the roles of government and business, particularly corporate directors, in the governance of data security."
"... supply chain network features add significant detection power to predicting enterprise cyber risk, relative to merely using enterprise-only attributes. Particularly, compared to a base model that relies only on internal enterprise features... Given that each cyber data breach is a low probability high impact risk event, these improvements in the prediction power have significant value."
"Using a large sample of U.S. firms over the period 2007-2017, we find that when cybersecurity risk is higher, firms hold more cash."
"These attacks are unknown to the human eye due to malicious intent to harm any underlying infrastructure. So, to overcome the problems and make a flexible solution, we propose a framework where machine learning algorithms are applied to find relevant features from the existing dataset."
"... there is a risk that the EU’s Network and Information Systems Directive (‘NIS Directive’) might lead to only incremental improvements in the cybersecurity of Europe’s critical infrastructure and digital services, while generating substantial compliance activity, aimed at placating regulators and reassuring the general public."
"We apply Weick’s (1995) sensemaking framework to examine four foundational tensions of cyber-resilience: a definitional tension, an environmental tension, an internal tension, and a regulatory tension. We then document how these tensions are embedded in cyber-resilience practices at the preparatory, response and adaptive stages. We rely on qualitative data from a sample of 58 cybersecurity professionals in the financial sector..."
"Our evidence also implies that client firms that share the same audit office as breached firms increase their disclosure of cybersecurity risk and their demand for cybersecurity human capital. Reconciling with the Bayesian learning theory, these effects only manifest for auditors located in states that have been only sporadically exposed to data breaches."
"Social engineering is a very common type of malicious activity conducted on cyberspace that targets both individuals and companies in order to gain access to information or systems. It is part of the broader domain of cybersecurity and the first step to mitigate this type of attack is to know its attack vectors. This way, the risk of becoming a victim of this type of attack can be reduced by technical means, proper security culture and procedural solutions..."
"Organizations closest to full adoption are those under the prudential regulation (coercive forces), whereas efficiency motives and mimetic forces drive organizations to seek fluidity by ‘blending’ the segregated lines to ensure fast reactions to changing environment."