Characterizing Cybersecurity Threats to Organizations in support of Risk Mitigation Decisions

Document Type


Publication Date

Winter 2020


This study characterizes the cybersecurity threats experienced by organizations. Today's organizations face difficult decisions regarding the mitigation of cybersecurity threats. Taking different types of cybersecurity threats--physical, human, communication and data, and operational--this study applied topic modeling techniques on textual data gathered from 10-K reports of 87 organizations. A cluster analysis on the resultant topic weights showed three different clusters of organizations which were used to characterize the cybersecurity threats. Specifically, organizations in the manufacturing sector prioritized physical threats, whereas those in the information technology and finance sectors accorded greater importance to human, communication and data, and operational threats. This study offers preliminary characterization of cybersecurity threats that can be beneficial for organizational decision-makers. Implications for research and practice are discussed. [ABSTRACT FROM AUTHOR] Copyright of e-Service Journal is the property of Indiana University Press and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)



Find in your library

Off-Campus WSU Users