A taxonomy of cyber-harms: Defining the impacts of cyber-attacks and understanding how they propagate


Detailed Bibliography
Main Authors: Agrafiotis, I, Nurse, J, Goldsmith, M, Creese, S, Upton, D
Material Type: Journal article
Edition/Publication Information: Oxford University Press 2018
Description: Technological advances have resulted in organizations digitalizing many parts of their operations. The threat landscape of cyberattacks is rapidly changing and the potential impact of such attacks is uncertain, because there is a lack of effective metrics, tools and frameworks to understand and assess the harm organizations face from cyber-attacks. In this article, we reflect on the literature on harm, and how it has been conceptualized in disciplines such as criminology and economics, and investigate how other notions such as risk and impact relate to harm. Based on an extensive literature survey and on reviewing news articles and databases reporting cyber-incidents, cybercrimes, hacks and other attacks, we identify various types of harm and create a taxonomy of cyber-harms encountered by organizations. This taxonomy comprises five broad themes: physical or digital harm; economic harm; psychological harm; reputational harm; and social and societal harm. In each of these themes, we present several cyber-harms that can result from cyber-attacks. To provide initial indications about how these different types of harm are connected and how cyber-harm in general may propagate, this article also analyses and draws insight from four real-world case studies, involving Sony (2011 and 2014), JPMorgan and Ashley Madison. We conclude by arguing for the need for analytical tools for organizational cyber-harm, which can be based on a taxonomy such as the one we propose here. These would allow organizations to identify corporate assets, link these to different types of cyber-harm, measure those harms and, finally, consider the security controls needed for the treatment of harm.
Record ID: oxford-uuid:7e86c83a-a7fc-4703-9916-1363302eb55b
Institution: University of Oxford