On Gaps in Enterprise Cyber Attack Reporting

Abulfaz Hajizada, T. Moore
Published in: 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), 2023-07-01
DOI: 10.1109/EuroSPW59978.2023.00030 (https://doi.org/10.1109/EuroSPW59978.2023.00030)
Citation count: 1

Abstract

It has long been lamented that firms underreport cyber attacks. In recent years, regulators have begun mandating that certain organizations must publicly report when incidents occur. Adherence to these requirements is an empirical question that has been largely unexamined to date. In this paper, we study regulatory filings by U.S. public companies to the Securities and Exchange Commission and to the Department of Health and Human Services that discuss cyber attacks. We also compare the findings against crowdsourced reports of cyber incidents appearing in media outlets. We find substantial gaps in coverage, both in terms of attacks that make the news but do not appear in regulatory filings and vice versa. We conclude by discussing the implications for the study of cyber attack and defense as well as for policymakers.