Articles published on Cyber Incidents
757 Search results
- New
- Research Article
- 10.1016/j.rineng.2026.110137
- Jun 1, 2026
- Results in Engineering
- Ulrik Franke + 1 more
• Cyber incident disclosure has been proposed as an important tool to create better incentives for cyber security.
• This paper outlines lessons for cyber incident disclosure from CO₂e emissions disclosure.
• It is concluded that increased cyber incident disclosure would increase the costs of equity and debt for companies with many and/or severe cyber incidents, and also expose them to shareholder activism as well as to decreasing demand. However, these effects are likely to be smaller than the corresponding CO₂e emissions disclosure effects.
Modern society depends on IT services, but unfortunately, IT services are not always dependable. Cyber incidents occur all the time, caused by bad design or by bad incentives. To address the latter cause, disclosure of cyber incidents has been proposed. Learning about incidents, buyers will find it worthwhile to select and pay for secure vendors, thus contributing to better overall security. While this logic has solid theoretical foundations in the economics of negative externalities and asymmetric information, the practice of cyber incident disclosure is only just emerging, as is empirical research on its effects. However, valuable lessons might be learned from the literature on the more mature practice of CO₂e emissions disclosure. Based on the extant literature on CO₂e emissions disclosure, two hypotheses about cyber incident disclosure are derived: First, it is likely that increased cyber incident disclosure would increase the costs of equity and debt for companies with many and/or severe cyber incidents, and also expose them to shareholder activism as well as to decreasing demand. Second, these effects will be smaller for cyber incident disclosure than the corresponding effects for CO₂e emissions disclosure. The article is concluded with a discussion of implications and future work.
- New
- Research Article
- 10.1080/07366981.2026.2672047
- May 13, 2026
- EDPACS
- Kevin L Mclaughlin
This article examines the role of structured exercises, disciplined training, and lessons learned programs in advancing cybersecurity readiness across the enterprise. While incident response and recovery capabilities are indispensable during active disruption, their effectiveness depends substantially on the extent to which they have been practiced, evaluated, and refined before a crisis occurs. A mature cybersecurity program therefore requires more than technical controls and documented plans. It requires repeated exercises, transdisciplinary training, realistic command simulations, formal engagement with third-party partners, and a disciplined process for converting operational experience into improved readiness. Emphasis is placed on the value of regular Cyber Incident Response Team training, recurring scenario-based exercises, role-specific instruction for component leaders and volunteer support personnel, and structured lessons learned sessions that strengthen readiness without imposing undue burden on participants who also carry day-to-day business responsibilities. This article extends the discussion from restoration and resiliency into the organizational disciplines of exercise design, recurring training, and lessons learned as mechanisms for sustained cybersecurity readiness. It is informed not only by established cybersecurity principles, but also by the author’s extensive firsthand experience in operational cyber leadership across incident response, containment, eradication, restoration, and enterprise readiness activities in complex organizational environments.
- Research Article
- 10.1016/j.iref.2026.105388
- May 1, 2026
- International Review of Economics & Finance
- Loïc Maréchal + 4 more
Reassessing the market impact of cyber incidents: A bias-adjusted event study approach
- Research Article
- 10.30574/msarr.2026.16.2.0055
- Apr 30, 2026
- Magna Scientia Advanced Research and Reviews
- Matilda Konotey
Cybersecurity governance has become central to protecting safety-sensitive sectors in the United States. Digital threats now translate rapidly into operational failures and public harm. This critical integrative review synthesizes 25 peer-reviewed studies published from 2020 through 2026. It examines governance models, accountability mechanisms, and their connections to public safety outcomes in sectors such as healthcare, finance, energy, and broader critical infrastructure. Drawing on patterns across the corpus, the review identifies persistent institutional fragmentation, dominance of compliance-oriented approaches, limitations in accountability structures, and marked sectoral variation in governance maturity. These features collectively weaken adaptive capacity. They also limit the translation of governance efforts into measurable resilience against cyber incidents. The analysis reveals that current frameworks prioritize regulatory adherence over resilience-building and cross-sector coordination. This leaves safety-sensitive systems vulnerable to cascading disruptions. The implications for regulators, operators, and policymakers are clear. They must move toward more integrated, outcome-oriented models that explicitly link cybersecurity oversight to public safety metrics. By integrating governance and safety scholarship, this review highlights structural weaknesses. It also points to targeted improvements that could strengthen national infrastructure protection.
- Research Article
- 10.17752/guvenlikstrtj.1792238
- Apr 27, 2026
- Güvenlik Stratejileri Dergisi
- Hüseyin Parmaksız
This study introduces a framework for cyber threat intelligence aimed at enhancing Türkiye’s proactive cybersecurity capabilities, specifically addressing security vulnerabilities. A geographic analysis involving 11,911 malicious IP addresses and 6,927 malicious URLs from the National Cyber Incident Response Center (TR-CERT) facilitated the formation of intelligence-driven geographic blocking firewall policies, thus reinforcing proactive network defense strategies. The research correlated threat indicators from TR-CERT with exploit intelligence from the open-source Exploit-DB platform, establishing connections between Indicators of Compromise (IoCs) and security vulnerabilities. Risk calibration maps were developed to match these vulnerabilities with the Open Web Application Security Project (OWASP) Top 10 risk categories and validated against the National Vulnerability Database (NVD). This prioritization took into account vulnerability prevalence, Common Vulnerability Scoring System (CVSS) scores, exploitability levels, and potential impact. In addition, a dynamic risk scoring model based on Monte Carlo simulation was also used to estimate vulnerability risks, with exploitability serving as the probability parameter and CVSS scores as the impact parameter. The findings underscore that integrating exploit-focused vulnerability intelligence into national cyber threat intelligence processes can significantly enhance the development of more effective and intelligence-driven cyber defense architectures in rapidly evolving threat environments.
- Research Article
- 10.64751/ajmimc.2026.v5.n2(1).292
- Apr 23, 2026
- American Journal of Management and IOT Medical Computing
- Ritesh Kumar + 3 more
The healthcare domain has increasingly become a target for cyber threats, with large-scale exposure of patient data and a steady rise in reported security vulnerabilities impacting hospital infrastructures. The rapid growth of unstructured medical security reports makes manual severity assessment inefficient, inconsistent, and unsuitable for timely response. To overcome these limitations, this study presents an automated text analysis framework based on Natural Language Processing (NLP), utilizing a medical security dataset composed of incident records, advisories, and vulnerability disclosures. The process begins with preprocessing and Exploratory Data Analysis (EDA) to ensure data quality through normalization, cleaning, and visualization. For contextual understanding, Lightweight RoBERT (Robustly Optimized BERT) is applied to generate semantic embeddings while maintaining computational efficiency. Unlike traditional approaches, the proposed system integrates Deep Neural Network (DNN)-based feature selection with Natural Gradient Boosting (NGBoost) to enhance classification performance. For comparison, baseline models such as Stochastic Gradient Descent (SGD) and NGBoost classifiers are also evaluated. The framework performs binary classification to distinguish between normal and high-severity vulnerabilities, enabling effective prioritization of critical issues. By combining contextual embeddings with advanced feature selection, the model improves accuracy, reduces false predictions, and enables faster response in real-time scenarios. This solution provides a scalable and efficient mechanism for automated vulnerability assessment, strengthening cybersecurity defenses and supporting improved risk management in healthcare systems.
- Research Article
- 10.46507/jcgpp.v7i1.797
- Apr 19, 2026
- Journal of Contemporary Governance and Public Policy
- Suhirwan Suhirwan
The Straits of Malacca and Singapore are among the most strategically important maritime chokepoints in the global trading system. Although conventional threats such as piracy have been managed through regional cooperation, the rapid digitalisation of ports, vessel traffic systems, and naval command infrastructures has created new hybrid cyber-physical vulnerabilities. Despite recurring cyber incidents between 2020 and 2025, no institutionalised real-time cross-border Cyber Threat Intelligence (CTI) mechanism has emerged among Indonesia, Malaysia, and Singapore. This study examines the puzzle of institutional inertia under growing threat interdependence and its implications for SDG 9, Target 9.1 on resilient infrastructure, and SDG 17, Targets 17.16 and 17.17 on knowledge-sharing and effective public-private partnerships. Drawing on 18 semi-structured interviews and qualitative analysis of policy documents from 2020 to 2025, the study identifies three governance bottlenecks: legal-institutional ambiguity, sovereignty-related political constraints, and technical-operational interoperability gaps. Building on Regional Security Complex Theory and regime complexity scholarship, the article theorises Cooperative Sovereignty as a middle-ground governance modality between supranational integration and sovereignty-maximising bilateralism. It proposes the Malacca Cyber Intelligence Node (MCIN) as a federated, sovereignty-compatible mechanism for structured cyber threat signalling while preserving national control over data. The study contributes to governance scholarship and offers actionable pathways for strengthening maritime cyber resilience in sovereignty-sensitive regions.
- Research Article
- 10.1016/j.ijdrr.2026.106082
- Apr 1, 2026
- International Journal of Disaster Risk Reduction
- Chiara Anfuso + 3 more
Humanitarian organizations increasingly rely on digital tools and data with the promise of faster and more efficient aid delivery. But digitalization comes with a critical drawback: a heightened exposure to cyber threats. The data breach experienced by the International Committee of the Red Cross in 2022 is a clear example of this risk, but not an isolated one. The incidents recorded during the conflicts in Ukraine and Gaza show that cyberattacks against humanitarian organizations have become an alarming reality of modern conflict. A cyber incident on a humanitarian organization harms the protection of the identities and positions of vulnerable groups. There is therefore an urgent need to recognize cybersecurity as a core pillar of humanitarian aid. This PRISMA-ScR review maps cyber threats, challenges, and strategies in humanitarian aid. It identifies a range of cyber threats to humanitarian organizations, including cyberattacks, surveillance, and mis/disinformation concerns. Still, it reveals notable lacks in terms of cyber preparedness and response, as well as a complete absence of knowledge on crisis communication strategies. Despite the importance of strengthening cybersecurity being recognized, the findings highlight that humanitarian organizations face unique challenges which often hinder the effective implementation of cyber strategies. Given the identified gaps in both existing research and practice, this review stresses the importance of developing solutions tailored to the distinctive features and needs of the humanitarian sector. To this end, this study provides a base for further investigation, with the key themes, gaps, and proposed research avenues guiding immediate focus for this underexplored field.
• Humanitarian organizations face growing cyber threats due to the digitalization of their operations.
• Cyberattacks, surveillance, and mis/disinformation threaten humanitarian organizations.
• Unique normative, operational, and resource constraints hinder effective cybersecurity implementation.
• Humanitarian organizations show major gaps in cyber preparedness, response, and crisis communication.
• Tailored cyber solutions are needed to address unique humanitarian challenges and needs.
- Research Article
- 10.1007/s44443-026-00658-x
- Mar 23, 2026
- Journal of King Saud University Computer and Information Sciences
- Badiea Abdulkarem Mohammed + 9 more
Security challenges and solutions in Internet of Medical Things (IoMT) communication: A review
- Research Article
- 10.22495/cocv23i1art8
- Mar 17, 2026
- Corporate Ownership and Control
- Fabio M Manenti + 1 more
This paper investigates how cyberattacks affect the market valuation of European financial institutions. Using an event study methodology on a sample of 31 cyber incidents affecting European financial firms between 2016 and 2024, we document a clear and statistically significant negative market reaction concentrated on the announcement day. Importantly, we find no evidence of abnormal price movements prior to disclosure, which is inconsistent with systematic insider trading. In contrast to prior studies that report pre-announcement abnormal returns (ARs) around cyber incident disclosures, our findings suggest that information leakages and insider trading may be less of a concern in the European financial sector. A time-trend analysis reveals diverging patterns: while the impact of non-confidential attacks has intensified, the market response to confidentiality breaches has weakened, consistent with improved disclosure and crisis management practices.
- Research Article
- 10.37458/nstf.27.1.6
- Mar 16, 2026
- National security and the future
- Nenad Koprivica
This paper examines the structure, dynamics, and effects of hybrid threats, focusing on Montenegro's experience and positioning with respect to NATO and the European Union. Using a comparative and empirical framework, it analyses institutional vulnerabilities, the role of proxy actors, cyber-attacks, and regional resilience practices. The study draws on policy documents and reports from NATO, the EU, the UK FCDO, and local research centres, the Digital Forensic Centre (DFC) and the Centre for Democratic Transition (CDT), as well as comparative data from Serbia, Bosnia and Herzegovina, North Macedonia, and Albania. Through a case study of Montenegro, the paper maps key vectors of hybrid action: cyber-attacks targeting electoral processes and critical infrastructure, media-narrative campaigns aimed at delegitimising Euro-Atlantic integration, the operation of proxy actors linking domestic political and religious structures to external centres of influence, and economic and energy penetration that constrains institutional autonomy. A comparative regional analysis reveals shared patterns of sequential attack, whereby initial cyber incidents are amplified by subsequent disinformation campaigns, while highlighting differences in institutional resilience across the Western Balkans. The findings indicate that Montenegro's primary weaknesses lie in the fragmentation of its security sector, insufficient inter-institutional coordination, limited digital literacy, and a reactive rather than preventive approach to hybrid threats. The paper concludes with policy recommendations centred on the establishment of a national hybrid-threat monitoring centre, the introduction of digital and media literacy programmes, greater transparency in financing flows, and enhanced regional and international cooperation.
- Research Article
- 10.1111/vox.70226
- Mar 4, 2026
- Vox sanguinis
- Jean-Baptiste Thibert + 9 more
The Paris 2024 Olympic Games posed a unique challenge due to their scale, associated risks and the need for robust healthcare preparedness. This review outlines the forecasting and anticipatory measures taken by the Etablissement français du sang (EFS) to ensure a resilient blood supply chain throughout the event. A steering committee was formed 2 years in advance to coordinate risk assessments, operational planning and institutional collaboration. The EFS aimed to maintain daily reserves of 90,000 red blood cell (RBC) units, anticipating a 25% shortfall in the Île-de-France region, which was to be balanced by increased contributions from other regions. To support operations, logistical strategies involved the prepositioning of supplies, securing transport routes and reinforcing both trauma centres and Olympic venues. Staffing was also adapted, with changes to work schedules, an extended summer leave period and provisions for remote work at EFS headquarters. In anticipation of seasonal infectious risks, nucleic acid testing (NAT) was implemented for West Nile virus (WNV) and dengue (DENV) in high-risk areas. Cybersecurity measures were also reinforced through strengthened information technology infrastructure and integration with the national cyber crisis response system. These proactive measures proved effective: blood stocks remained stable, only a few arboviral infections were detected and no major cyber incidents occurred. The Paris 2024 experience emphasizes the importance of early, coordinated and cross-sectoral planning in safeguarding national blood supplies during mass events. The centralized structure of the EFS, along with its integration into public health systems and past experience with major events, enabled uninterrupted and resilient service delivery.
- Research Article
- 10.55284/5hm75m04
- Mar 2, 2026
- Science of Law
- Nicki James Shepherd + 3 more
As a result of the increased use of interconnected technologies in healthcare systems, there has been a rapid transformation of healthcare organizations and an increase in reliance on these technologies, thus changing how hospitals operate. Hospitals now utilize many technologies that are interconnected through a number of electronic health record (EHR) systems, Internet of Medical Things (IoMT) devices, telehealth platforms, and cloud-based systems. While technology allows hospitals to provide better care and operate more efficiently, it has resulted in increased exposure to various types of cyber threats. Cyber threats directed at healthcare organizations include ransomware, phishing attacks, insider threats, and the exploitation of medical devices, and there are numerous case studies linking cyber incidents and the operational disruption they cause to the risks associated with the safety of patients. This article reviews the current state of cybersecurity in health care organizations with an emphasis on the legal obligations created by major regulatory frameworks—including HIPAA, HITECH, the GDPR, the NIS2 Directive, and cybersecurity guidance for medical devices—because of the increased reliance on these technologies. This article also discusses the intersection of various legal frameworks including data protection laws, the regulation of critical infrastructure, tort liability, and corporate governance; evaluates civil liability risk created through the use of technology, exposure to civil penalties for violations of regulations, notification of affected parties when a breach occurs, and third-party liability for cloud and vendor environments; and discusses ethical issues related to confidentiality, professional duties, and the effects of decisions made in response to ransomware attacks. 
The findings demonstrate that cybersecurity in hospitals has evolved from a technical IT function into a comprehensive legal and governance responsibility requiring board-level oversight, structured risk management frameworks, continuous compliance documentation, and workforce training. Strengthening institutional resilience requires integrating cybersecurity into enterprise risk management and aligning regulatory compliance with patient safety imperatives.
- Research Article
- 10.31743/recl.19473
- Mar 2, 2026
- Review of European and Comparative Law
- Phuc G Dao
Autonomous Vehicles (AVs) call into question the driver-centered premises of road traffic liability, as the task of driving becomes a distributed, socio-technical process involving software, sensors, updates, connectivity, infrastructure, and (sometimes) remote supervision. This article offers a doctrinal comparative analysis of how liability can be attributed across three axes, civil, administrative, and criminal, when accidents occur where there are higher levels of automation. It argues that the European Union does not (and need not) rely on a single AV liability code. Instead, EU law combines an insurance-first, victim-compensation logic with the modernization of product liability for software-enabled harms and a risk-based regulatory style that imposes documentation, post-market, and safety-management duties on upstream actors. Using Germany, France, and the Netherlands as illustrative models, the article maps Vietnamese law through the same framework. It shows that Vietnam already embodies a strong victim-protection baseline through strict "source of extraordinary danger" doctrines and is developing more stringent product responsibility tools. At the same time, Vietnam faces persistent mismatch risks in evidentiary access, cyber incident attribution, and the calibration of criminal accountability. The article concludes with a direction of reform, modified as appropriate for Vietnam, that preserves rapid compensation while structuring recourse, data governance, and controlled piloting.
- Research Article
- Mar 1, 2026
- EJIFCC
- Ameerah Davids + 8 more
This study aimed to explore clinicians' experiences during a ransomware attack at a public academic hospital in South Africa and assess the perceived impact of chemical pathology laboratory service disruptions on patient care. A cross-sectional survey was conducted between September and December 2024. An electronic questionnaire was distributed to clinicians to gather data on their experiences during the ransomware attack, including impacts on patient care and workload. To assess changes in test requesting practices during this period, volume data for both critical (creatinine) and non-critical (vitamin B12) tests from routine annual laboratory reports were analysed. Among the 58 respondents, 84% reported increased stress levels, while 78% indicated delayed diagnoses during this period. Laboratory test volumes decreased during the attack period compared to previous years, with reductions of 26.8% for creatinine and 34.1% for vitamin B12 tests. Clinicians primarily struggled with result retrieval and reported substantial disruptions to patient care. This study provides valuable insights into clinicians' perspectives on the impact of a laboratory ransomware attack. The findings highlight the critical need for investment in both cybersecurity infrastructure and comprehensive contingency planning to safeguard patient safety and minimise disruptions during future cyber incidents. This study addresses how ransomware attacks disrupt and impact clinician workflow in resource-limited hospital settings. Medical professionals should develop practical contingency plans for accessing and managing essential laboratory data during cybersecurity incidents to minimise care disruptions. The most significant finding was the dual impact of technical service disruption alongside pronounced clinician psychological stress, creating a compounded effect on healthcare delivery.
- Research Article
- 10.1093/itnow/bwag010
- Mar 1, 2026
- ITNOW
- Edgar Ter Danielyan
Edgar Ter Danielyan FBCS CITP looks back at 2025, explores some of last year's biggest cyber incidents and gives his views on where we should place our security priorities for 2026.
- Research Article
- 10.30574/wjarr.2026.29.2.0358
- Feb 28, 2026
- World Journal of Advanced Research and Reviews
- Tomilola Ayeni
Deepfakes have been widely discussed as a media ethics issue, a free speech dilemma, or a potential threat to democratic institutions. This paper argues that deepfakes should also be understood as a cybersecurity problem, because they exploit the same trust relationships that underpin secure systems and public governance. Deepfakes are not merely “fake videos”, they are tools for identity manipulation that can bypass technical defenses and disrupt decision-making, public communication, and institutional legitimacy. The paper examines how deepfakes intersect with existing legal frameworks, including data protection, defamation, broadcast regulation, and cyber incident response, and proposes that public institutions should treat synthetic media as an emerging risk within cybersecurity governance.
- Research Article
- 10.21533/pen.v14.i1.1527
- Feb 27, 2026
- Periodicals of Engineering and Natural Sciences (PEN)
- Liliia Kryvonos + 4 more
This study investigates how digital technologies can strengthen Ukraine’s system of economic security management under conditions of war, reconstruction, and escalating cyber threats. The research applies systems analysis, strengths–weaknesses–opportunities–threats analysis, comparative benchmarking with Estonia, Lithuania, and Poland, and an evidence-informed modeling framework. An Economic Security Digitalization Index is constructed from the United Nations E-Government Development Index and the Network Readiness Index, and seven candidate technologies are evaluated: a Government Security Operations Center with Security Information and Event Management and Security Orchestration, Automation, and Response; Zero-Trust architecture; endpoint detection and response with extended detection and response; threat-intelligence sharing via a Malware Information Sharing Platform; expansion of public key infrastructure and electronic identification; secure data-exchange layers; and artificial intelligence–assisted phishing defense. The results show a near-doubling of cyber incidents between 2023 and 2024, place Ukraine below Baltic peers in digital trust readiness, and identify a top three technology bundle: artificial intelligence phishing defense, threat-intelligence federation, and endpoint detection and response capable of avoiding 305 to 685 million United States dollars in cumulative losses by 2029. The study concludes with a phased roadmap recommending a national Government Security Operations Center, adoption of Zero-Trust standards, and development of sectoral incident response teams to align with European Union requirements.
- Research Article
- 10.34190/iccws.21.1.4553
- Feb 26, 2026
- International Conference on Cyber Warfare and Security
- Timothy Shives + 1 more
Indonesia's National Data Center (PDN) was targeted by a ransomware attack on June 20, 2024, paralyzing 210 government agencies, causing manual immigration procedures, and exposing significant weaknesses in Indonesia's cyber governance system. The National Cyber and Crypto Agency (BSSN) was mandated under Presidential Regulation 47/2023 to coordinate the response, but the response operation remained disorganized due to various agencies working independently without a unified leadership system, including the Indonesian National Armed Forces (TNI) operating independently despite possessing a Cyber Unit (Satsiber) with adequate cyber warfare capabilities. The attack on the PDN ultimately revealed three governance weaknesses: a lack of a unified command system for conducting national-scale response operations, the separation of military resources from the protection of civilian infrastructure, and a systemic failure to maintain adequate operational readiness. Through a comparative analysis of cyber command models in the United States, Singapore, South Korea, and Australia, combined with an institutional assessment using the McKinsey 7S and NIST frameworks, we propose an integrated defense architecture. The establishment of a Joint Cyber Defense Task Force (JCDTF) operating under a proposed civilian-military organization, the National Cyber Security Coordination Center (NCCC), would create a single command system for crisis response and maintain democratic civilian control through established legal authority, mandatory parliamentary oversight, and limitations on operational areas. This framework would address existing governance weaknesses through democratic cyber governance principles that can also be used by ASEAN countries to address their civil-military integration challenges in handling national-scale cyber incidents.
- Research Article
- 10.1080/03050629.2026.2625714
- Feb 24, 2026
- International Interactions
- Jelena Vićić + 2 more
With growing interest in and attention to cybersecurity, pundits, media outlets, and policymakers are interested in meaningful insights about the nature of cyber conflict. However, the challenges to rigorous inference in cybersecurity research remain daunting. Perhaps the most serious concern is the inability of researchers to observe the full universe of cases and behaviors under study. This paper addresses the critical problem of missing data in cyber incident data collection efforts. We begin with an overview of missingness as it relates to cyber conflict research. We pay particular attention to selection bias resulting from missing data. We apply a Heckman selection model to assess missingness in cyber data and recommend that scholars working with cyber incident datasets consider similar methodologies or strategies to address missingness-induced bias and enhance confidence in the identified relationships.