Cybercrime Deterrence and International Legislation:  Evidence from Distributed Denial of Service Attacks

Hui, Kai Lung; Kim, Seung Hyun; Wang, Qiu Hong

doi:10.25300/misq/2017/41.2.08

Cited by 60 publications

(28 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Research has examined how corruption and political stability/sovereignty influence national preparedness toward cybersecurity (Hui et al, 2017). Another study investigates how electronic government implementation reduces corruption in institutions (Srivastava, Teo, & Devaraj, 2016).…”

Section: Socio-political Contextmentioning

confidence: 99%

Context-specific theorizing in ICT4D research

Andoh‐Baidoo

2017

Information Technology for Development

View full text Add to dashboard Cite

Section: Socio-political Contextmentioning

confidence: 99%

Context-specific theorizing in ICT4D research

Andoh‐Baidoo

2017

Information Technology for Development

View full text Add to dashboard Cite

“…Research also suggests that attackers in cyberspace are not only rational and motivated by economic incentives, but also act strategically in identifying targets and approaches [8]-"The good guys are getting better, but the bad guys are getting badder faster" [9]. Perhaps there was a time a decade ago when cybersecurity was only a matter of "if" an organization was going to be compromised, but today it has become a question of "when," and "at what level.…”

Section: Introductionmentioning

confidence: 99%

Decision Making and Biases in Cybersecurity Capability Development: Evidence from a Simulation Game Experiment

2017

View full text Add to dashboard Cite

Abstract:We developed a simulation game to study how well decision makers understand two fundamental aspects of complexity in cybersecurity: potential delays in building capabilities, and uncertainties in predicting cyber-incidents. Analyzing 1,479 simulation runs, we compared the performances of a group of experienced professionals to an inexperienced control group. Experienced subjects did not understand the mechanisms of delays any better than inexperienced subjects. Both groups also exhibited similar errors when dealing with the uncertainty of cyber-incidents. Our findings highlight the importance of training for decision-makers, and lay the groundwork for future research in uncovering mental biases about the complexities of cybersecurity.

show abstract

“…This setting enables us to observe organizations' natural reactions to our treatment and to collect data for empirical analyses. Similar to Hui et al (2017), we adopt an international perspective and perform a quasi-experiment on multiple countries, extending the existing empirical studies on information security that consider only US organizations (e.g., He et al 2016, Romanosky et al 2011). The existing literature on security-related public policies focuses on information sharing and disclosure, whereas we focus on reputational sanctions, particularly in the form of a top-10 list, which has been shown to significantly influence consumer preferences Zhang 2016, Adomavicius et al 2013).…”

Section: Resultsmentioning

confidence: 99%

“…Lastly, our work contributes to public policies on information security that target organizations that knowingly leave vulnerabilities unresolved. The prior work on security-related public policies has focused on the behavior of software vendors (Arora et al 2005, August and Tunca 2011, Kim et al 2011, Telang and Wattal 2007, attackers (Arora et al 2006, Hui et al 2017, Mitra and Ransbotham 2015, Ransbotham et al 2012, and consumers (Romanosky et al 2011). The organizations with security vulnerabilities are the important middlemen between attackers and victims.…”

Section: Resultsmentioning

confidence: 99%

Do Reputational Sanctions Deter Negligence in Information Security Management? A Field Quasi‐Experiment

Tang

Whinston

2020

Production and Operations Management

View full text Add to dashboard Cite

Security negligence, a major cause of data breaches, occurs when an organization's information technology management fails to adequately address security vulnerabilities. By conducting a field quasi‐experiment using outgoing spam as a focal security issue, this study investigates the effectiveness of reputational sanctions in reducing security negligence in a global context. In the quasi‐experiment, a reputational sanction mechanism based on outgoing spam was established for four countries, and for each country, reputational sanctions were imposed on the 10 organizations with the largest outgoing spam volumes—that is, these organizations were listed publicly. We find that because of our reputational sanction mechanism, organizations in the four countries, including those that were not listed, reduced outgoing spam significantly compared to those in similar countries. Within each country, the listed organizations, whose reputations were actually sanctioned, reduced spam to a greater extent than those that were not listed. The spam reduction in the not‐listed organizations is mainly driven by increased security awareness, while the reduction in the listed organizations is primarily due to reputation effect. Among the listed organizations, those ranked lower were more responsive to the reputational sanctions. Moreover, we find that reputational sanctions have a stronger effect on large organizations and important organizations that provide network access and transit to others.

show abstract

Cybercrime Deterrence and International Legislation: Evidence from Distributed Denial of Service Attacks

Cited by 60 publications

References 32 publications

Context-specific theorizing in ICT4D research

Context-specific theorizing in ICT4D research

Decision Making and Biases in Cybersecurity Capability Development: Evidence from a Simulation Game Experiment

Do Reputational Sanctions Deter Negligence in Information Security Management? A Field Quasi‐Experiment

Contact Info

Product

Resources

About