Examining the costs and causes of cyber incidents

This research by Sasha Romanosky and published in the Journal of Cybersecurity seeks to examine the composition and costs of cyber events and attempts to address whether or not there exist incentives for firms to improve their security practices and reduce the risk of attack. The research distinguishes between four types of cyber events: data breaches (unauthorized disclosure of personal information), security incidents (malicious attacks directed at a company), privacy violations (alleged violation of consumer privacy), and phishing/skimming incidents (individual financial crimes).