Why Do Organizations Fail to Practice Cyber Resilience?
conference paper
When organizations fall victim to cyber incidents, they are exposed to financial implications, data losses, and potential damage to their reputation. However, the positive news is that many of these incidents can be avoided or have a smaller impact when basic cyber-resilience practices are followed. These practices can include simple actions like regularly updating software or implementing multi-factor authentication. Although these practices might seem simple, organizations do not always adopt them despite their best intentions. This may be due to various barriers that hinder practicing cyber resilience. This study investigated why organizations are not practicing cyber resilience. Discussions were held with entrepreneurs in focus groups to understand their reasons for not running a cyber-resilient digital business. We also surveyed a panel of 795 Dutch entrepreneurs about cyber risks and underlying barriers to practicing cyber resilience. A regression model shows that a lack of knowledge, skills, environmental context and resources, and protection motivation intention appear to be the strongest barriers to practicing cyber resilience, closely followed by perceived response efficacy. Implications for government agencies and future research are discussed.
TNO Identifier
996248
Publisher
Springer
Source title
HCI for Cybersecurity, Privacy and Trust 6th International Conference, HCI-CPT 2024
Editor(s)
Moallem, A.
Pages
126-137
Files
To receive the publication files, please send an e-mail request to TNO Repository.