Researchers, from the University of Kent’s School of Computing and the Department of Computer Science at the University of Oxford, set out to define and codify the different ways in which cyber incidents can have negative outcomes. They also considered how these impacts can spread as time passes.
Overall the researchers identified five key themes under which the impact - referred to in the article as a ‘cyber-harm’ - from a cyber attack can be classified. These are:
The full list of cyber-harms can be viewed at https://academic.oup.com/view-large/figure/122669345/tyy006f1.tif
The researchers point to high-profile attacks against Sony, JP Morgan and online dating website Ashley Madison, as examples where a wide variety of negative outcomes were experienced, from reputational loss, causing shame and embarrassment for individuals or financial damage. They say these incidents underline why a taxonomy of impacts and harms is so important for businesses. By providing a detailed breakdown of the many different ways a cyber attack can impact a business and third-parties, board members and other senior staff can gain a better understanding of both direct and indirect harms from cyber attacks when considering the threats their organization faces.