A framework for effective corporate communication after cyber security incidents
- URL: http://arxiv.org/abs/2009.09210v1
- Date: Sat, 19 Sep 2020 11:08:53 GMT
- Title: A framework for effective corporate communication after cyber security incidents
- Authors: Richard Knight and Jason R. C. Nurse
- Abstract summary: Major cyber security incidents can represent a cyber crisis for an organisation, in particular because of the associated risk of reputational damage.
This research seeks to tackle this problem through a critical, multi-faceted investigation into the efficacy of crisis communication and public relations following a data breach.
It does so by drawing on academic literature, obtained through a systematic literature review, and real-world case studies.
The validity of this framework is demonstrated by its evaluation through interviews with senior industry professionals, as well as a critical assessment against relevant practice and research.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: A major cyber security incident can represent a cyber crisis for an
organisation, in particular because of the associated risk of substantial
reputational damage. As the likelihood of falling victim to a cyberattack has
increased over time, so too has the need to understand exactly what is
effective corporate communication after an attack, and how best to engage the
concerns of customers, partners and other stakeholders. This research seeks to
tackle this problem through a critical, multi-faceted investigation into the
efficacy of crisis communication and public relations following a data breach.
It does so by drawing on academic literature, obtained through a systematic
literature review, and real-world case studies. Qualitative data analysis is
used to interpret and structure the results, allowing for the development of a
new, comprehensive framework for corporate communication to support companies
in their preparation and response to such events. The validity of this
framework is demonstrated by its evaluation through interviews with senior
industry professionals, as well as a critical assessment against relevant
practice and research. The framework is further refined based on these
evaluations, and an updated version defined. This research represents the first
grounded, comprehensive and evaluated proposal for characterising effective
corporate communication after cyber security incidents.
Related papers
- Alignment of Cybersecurity Incident Prioritisation with Incident Response Management Maturity Capabilities [0.0]
This paper explores a possible utilisation of IR CMMs assessments to prioritise high-risk incidents.
The findings reveal common weaknesses in incident response, such as inadequate training and poor communication.
The analysis also emphasises the importance of organisational culture in enhancing incident response capabilities.
arXiv Detail & Related papers (2024-10-03T07:05:47Z)
- CrisisSense-LLM: Instruction Fine-Tuned Large Language Model for Multi-label Social Media Text Classification in Disaster Informatics [49.2719253711215]
This study introduces a novel approach to disaster text classification by enhancing a pre-trained Large Language Model (LLM).
Our methodology involves creating a comprehensive instruction dataset from disaster-related tweets, which is then used to fine-tune an open-source LLM.
This fine-tuned model can classify multiple aspects of disaster-related information simultaneously, such as the type of event, informativeness, and involvement of human aid.
arXiv Detail & Related papers (2024-06-16T23:01:10Z)
- Crisis Communication in the Face of Data Breaches [0.19116784879310028]
This paper examines data breach crisis communication strategies and their practical executions.
The paper contributes to the research domain by focusing specifically on data breach crises, their peculiarities, and their management.
arXiv Detail & Related papers (2024-06-03T19:21:04Z)
- Service Level Agreements and Security SLA: A Comprehensive Survey [51.000851088730684]
This survey paper identifies state of the art covering concepts, approaches, and open problems of SLA management.
It contributes by carrying out a comprehensive review and covering the gap between the analyses proposed in existing surveys and the most recent literature on this topic.
It proposes a novel classification criterium to organize the analysis based on SLA life cycle phases.
arXiv Detail & Related papers (2024-01-31T12:33:41Z)
- Critical Analysis and Countermeasures Tactics, Techniques and Procedures (TTPs) that targeting civilians: A case study On Pegasus [0.0]
This paper investigates the targeting of journalists and activists by the malware Pegasus.
Examines the far-reaching consequences of these attacks for cybersecurity policy.
Describes some of the most important tactics that businesses may use to reduce the danger of cyberattacks.
arXiv Detail & Related papers (2023-10-01T19:28:03Z)
- Incentivized Communication for Federated Bandits [67.4682056391551]
We introduce an incentivized communication problem for federated bandits, where the server shall motivate clients to share data by providing incentives.
We propose the first incentivized communication protocol, namely, Inc-FedUCB, that achieves near-optimal regret with provable communication and incentive cost guarantees.
arXiv Detail & Related papers (2023-09-21T00:59:20Z)
- Designing an attack-defense game: how to increase robustness of financial transaction models via a competition [69.08339915577206]
Given the escalating risks of malicious attacks in the finance sector, understanding adversarial strategies and robust defense mechanisms for machine learning models is critical.
We aim to investigate the current state and dynamics of adversarial attacks and defenses for neural network models that use sequential financial data as the input.
We have designed a competition that allows realistic and detailed investigation of problems in modern financial transaction data.
The participants compete directly against each other, so possible attacks and defenses are examined in close-to-real-life conditions.
arXiv Detail & Related papers (2023-08-22T12:53:09Z)
- Building a Resilient Cybersecurity Posture: A Framework for Leveraging Prevent, Detect and Respond Functions and Law Enforcement Collaboration [0.0]
This research paper compares and contrasts the CyRLEC Framework with the NIST Cybersecurity Framework.
The CyRLEC Framework takes a broader view of cybersecurity, including proactive prevention, early detection, rapid response to cyber-attacks, and close collaboration with law enforcement agencies.
arXiv Detail & Related papers (2023-03-20T05:16:54Z)
- Certifiably Robust Policy Learning against Adversarial Communication in Multi-agent Systems [51.6210785955659]
Communication is important in many multi-agent reinforcement learning (MARL) problems for agents to share information and make good decisions.
However, when deploying trained communicative agents in a real-world application where noise and potential attackers exist, the safety of communication-based policies becomes a severe issue that is underexplored.
In this work, we consider an environment with $N$ agents, where the attacker may arbitrarily change the communication from any $C<\frac{N-1}{2}$ agents to a victim agent.
arXiv Detail & Related papers (2022-06-21T07:32:18Z)
- Automatic Evaluation and Moderation of Open-domain Dialogue Systems [59.305712262126264]
A long standing challenge that bothers the researchers is the lack of effective automatic evaluation metrics.
This paper describes the data, baselines and results obtained for the Track 5 at the Dialogue System Technology Challenge 10 (DSTC10).
arXiv Detail & Related papers (2021-11-03T10:08:05Z)
- An application of cyberpsychology in business email compromise [0.0]
This paper introduces Business Email Compromise (BEC) and why it is becoming a major issue to businesses worldwide.
It also presents a case study of a BEC incident against Unatrac Holding Ltd and analyses the techniques used by the cybercriminals to defraud the company.
arXiv Detail & Related papers (2020-11-22T21:31:51Z)