Situational awareness about data breaches and ransomware attacks: A multi-dimensional cyber threat impact framework and content analyses of practitioner-public discourses

Abstract

Cyber threat incidents are increasingly on the rise resulting in concern among the public. Recently, data breaches and ransomware attacks have emerged as two types of critical cyber threats in terms of impact to both organizations and individuals. As such, organizations and the public have started to discuss these threats in various forms. While the former discusses the threats in practitioner reports that are available for public consumption, social media platforms are the preferred avenue for the public. Though literature has started to examine the issues regarding such cyber threat incidents, research on cyber threats, its resultant discourse on social media and its potential for situational awareness and for extracting meaningful or actionable cyber intelligence is scarce. This paper makes a twofold contribution: first, it extracts multiple dimensions of cyber threats from an examination of theoretical, regulatory and domain specific literature. We term these dimensions, leak, laws, cause, and cost and use them for creating a cyber-threat impact framework. Second, by undertaking text mining for content analysis of large datasets from Verizon’s Data Breach Investigation Reports (DBIR) as well as social media discourses from Twitter, this paper investigates the practitioner-public discourses about the two types of cyber threat incidents to uncover relative significance of different dimensions for situational awareness. The paper finds that topical similarities and differences exist between data breach and ransomware attack incidents on different dimensions in the cyber-threat impact framework. The dual analysis of practitioner and public discourses allows situational awareness that policy makers can use for developing appropriate cyber intelligence and cyber threat defense policies.