Cybersecurity Threats and Organisational Response: Textual Analysis and Panel Regression

Abstract

ABSTRACT This study examines the relationship between cybersecurity threats faced and cybersecurity response planned by organisations. Classifying cybersecurity threats into four types – physical threats, personnel threats, communication and data threats, and operational threats – this study examines organisational responses to such threats. Using textual data on cybersecurity threats and response gathered from the 10-K reports published by 87 organisations, topic modelling was conducted to assess the threats and response. A cross-sectional time-series regression model fitted on the topic weights showed that cybersecurity response was influenced by cybersecurity threats, beyond the time-invariant control and period variables. Specifically, physical threats and operational threats influenced the technical response; physical threats, communication and data threats, and operational threats influenced the non-technical response; and personnel threats influenced the overall response. Implications for research and practice are discussed.