Show-and-Tell or Hide-and-Seek? Examining Organizational Cybersecurity Incident Notifications

Abstract: The growing frequency of cybersecurity incidents commonly requires organizations to notify customers of ongoing events. However, the content contained within these notifications varies widely, including differences in the level of detail, apportioning of blame, compensation, and corrective action. This study seeks to identify patterns contained within cybersecurity incident notifications by constructing a typology of organizational responses. Based on a detailed review of 465 global cybersecurity incidents tha… Show more