{"title":"Is Cybersecurity a Social Responsibility?","authors":"Waqas Nawaz Khan, Jae Kyu Lee, Shan Liu","doi":"10.1007/s10796-024-10565-z","DOIUrl":null,"url":null,"abstract":"<p>Cybersecurity incidents damage not only the organizations attacked, but also society in general, harming customers and stakeholders. Through the text mining of the incident database, we observed that the impact of cybersecurity incident trends became more outward-oriented causing increased risks associated with social responsibility. Thus, this study aims to validate the potential effect of cybersecurity incidents on social responsibility risks and stock price drops. To derive meaningful factors from the description of incidents, we mined the texts to extract the features of the severity of incidents and their direction of impact whether inward or outward. The severity score is derived from sentiment analysis and the impact direction by topic modeling and machine learning models including SVM, LSTM, and BERT. The effects of these incident features are studied through regression models with social responsibility risk and stock price drops as dependent variables. To conduct this study, we collected incident texts from the Privacy Rights Clearinghouse database, and social responsibility risk indices from the Privacy and Data Security index and Cyber Risk Rating scores. The subsequent short-term stock price drops are measured by Cumulative Abnormal Returns and their variations. Our analysis revealed a profound impact of cybersecurity incidents on social responsibility risk indices and stock price drops with the moderating effect of outward impact in both models. However, we recognize the incompatibility between an annual index of social responsibility risk and short-term stock price drops. Therefore, we propose a short-term social responsibility risk index for cybersecurity which can be derived from the disclosed incidents. All these scenarios support the premise that cybersecurity incidents significantly impact the social responsibility risk and may lead to potential stock price drops.</p>","PeriodicalId":13610,"journal":{"name":"Information Systems Frontiers","volume":"4 1","pages":""},"PeriodicalIF":6.9000,"publicationDate":"2025-01-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information Systems Frontiers","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s10796-024-10565-z","RegionNum":3,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0
Abstract
Cybersecurity incidents damage not only the organizations attacked, but also society in general, harming customers and stakeholders. Through the text mining of the incident database, we observed that the impact of cybersecurity incident trends became more outward-oriented causing increased risks associated with social responsibility. Thus, this study aims to validate the potential effect of cybersecurity incidents on social responsibility risks and stock price drops. To derive meaningful factors from the description of incidents, we mined the texts to extract the features of the severity of incidents and their direction of impact whether inward or outward. The severity score is derived from sentiment analysis and the impact direction by topic modeling and machine learning models including SVM, LSTM, and BERT. The effects of these incident features are studied through regression models with social responsibility risk and stock price drops as dependent variables. To conduct this study, we collected incident texts from the Privacy Rights Clearinghouse database, and social responsibility risk indices from the Privacy and Data Security index and Cyber Risk Rating scores. The subsequent short-term stock price drops are measured by Cumulative Abnormal Returns and their variations. Our analysis revealed a profound impact of cybersecurity incidents on social responsibility risk indices and stock price drops with the moderating effect of outward impact in both models. However, we recognize the incompatibility between an annual index of social responsibility risk and short-term stock price drops. Therefore, we propose a short-term social responsibility risk index for cybersecurity which can be derived from the disclosed incidents. All these scenarios support the premise that cybersecurity incidents significantly impact the social responsibility risk and may lead to potential stock price drops.
期刊介绍:
The interdisciplinary interfaces of Information Systems (IS) are fast emerging as defining areas of research and development in IS. These developments are largely due to the transformation of Information Technology (IT) towards networked worlds and its effects on global communications and economies. While these developments are shaping the way information is used in all forms of human enterprise, they are also setting the tone and pace of information systems of the future. The major advances in IT such as client/server systems, the Internet and the desktop/multimedia computing revolution, for example, have led to numerous important vistas of research and development with considerable practical impact and academic significance. While the industry seeks to develop high performance IS/IT solutions to a variety of contemporary information support needs, academia looks to extend the reach of IS technology into new application domains. Information Systems Frontiers (ISF) aims to provide a common forum of dissemination of frontline industrial developments of substantial academic value and pioneering academic research of significant practical impact.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
