Show-and-Tell or Hide-and-Seek? Examining Organizational Cybersecurity Incident Notifications

Abstract

PurposeThe growing frequency of cybersecurity incidents commonly requires organizations to notify customers of ongoing events. However, the content contained within these notifications varies widely, including differences in the level of detail, apportioning of blame, compensation and corrective action. This study seeks to identify patterns contained within cybersecurity incident notifications by constructing a typology of organizational responses.Design/methodology/approachBased on a detailed review of 1,073 global cybersecurity incidents occurring during 2020, the authors obtained and qualitatively analyzed 451 customer notifications.FindingsThe results reveal three distinct organizational response types associated with the level of detail contained within the notification (full transparency, guarded and opacity), as well as three response types associated with the benefitting party (customer interest, balanced interest and company interest).Originality/valueThis work extends past classifications of cybersecurity incident notifications and provides a template of possible notification approaches that could be adopted by organizations.