Skip to main content

A Framework for Effective Corporate Communication after Cyber Security Incidents

Knight, Richard, Nurse, Jason R. C. (2020) A Framework for Effective Corporate Communication after Cyber Security Incidents. Computers & Security, . ISSN 0167-4048. (doi:10.1016/j.cose.2020.102036) (KAR id:82836)

PDF Author's Accepted Manuscript
Language: English


Download (711kB) Preview
[thumbnail of Effective-Incident-Comms-C&S2020-Nurse-KAR.pdf]
Preview
This file may not be suitable for users of assistive technology.
Request an accessible format
Official URL
https://doi.org/10.1016/j.cose.2020.102036

Abstract

A major cyber security incident can represent a cyber crisis for an organisation, in particular because of the associated risk of substantial reputational damage. As the likelihood of falling victim to a cyberattack has increased over time, so too has the need to understand exactly what is effective corporate communication after an attack, and how best to engage the concerns of customers, partners and other stakeholders. This research seeks to tackle this problem through a critical, multi-faceted investigation into the efficacy of crisis communication and public relations following a data breach. It does so by drawing on academic literature, obtained through a systematic literature review, and real-world case studies. Qualitative data analysis is used to interpret and structure the results, allowing for the development of a new, comprehensive framework for corporate communication to support companies in their preparation and response to such events. The validity of this framework is demonstrated by its evaluation through interviews with senior industry professionals, as well as a critical assessment against relevant practice and research. The framework is further refined based on these evaluations, and an updated version defined. This research represents the first grounded, comprehensive and evaluated proposal for characterising effective corporate communication after cyber security incidents.

Item Type: Article
DOI/Identification number: 10.1016/j.cose.2020.102036
Uncontrolled keywords: Cybersecurity incident, Data breach, Corporate communication, Public relations, Data breach announcements, Incident response, Cyber crisis, Security Management, Resilience
Subjects: H Social Sciences > H Social Sciences (General)
H Social Sciences > HF Commerce
H Social Sciences > HF Commerce > HF5351 Business
Q Science > QA Mathematics (inc Computing science)
T Technology
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Divisions > Division for the Study of Law, Society and Social Justice > Centre for Journalism
Divisions > Kent Business School - Division > Kent Business School (do not use)
Depositing User: Jason Nurse
Date Deposited: 09 Sep 2020 14:22 UTC
Last Modified: 16 Feb 2021 14:47 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/82836 (The current URI for this page, for reference purposes)
Nurse, Jason R. C.: https://orcid.org/0000-0003-4118-1680
  • Depositors only (login required):

Downloads

Downloads per month over past year