This study examines the relationship between cybersecurity threats faced and cybersecurity response planned by organizations. Classifying cybersecurity threats into four types – physical threats, personnel threats, communication and data threats, and operational threats – this study examines organizational responses to such threats. Using textual data on cybersecurity threats and response gathered from the 10-K reports published by 87 organizations, topic modelling was conducted to assess the threats and response. A cross-sectional time-series regression model fitted on the topic weights showed that cybersecurity response was influenced by cybersecurity threats, beyond the time-invariant control and period variables. Specifically, physical threats and operational threats influenced the technical response; physical threats, communication and data threats, and operational threats influenced the non-technical response; and personnel threats influenced the overall response. Implications for research and practice are discussed.
Available at: http://works.bepress.com/anand-jeyaraj/13/