Factors Affecting Reputational Damage to Organisations Due to Cyberattacks

Abstract

The COVID-19 pandemic has brought massive online activities and increased cybersecurity incidents and cybercrime. As a result of this, the cyber reputation of organisations has also received increased scrutiny and global attention. Due to increased cybercrime, reputation displaying a more important role within risk management frameworks both within public and private institutions is vital. This study identifies key factors in determining reputational damage to public and private sector institutions through cyberattacks. Researchers conducted an extensive review of the literature, which addresses factors relating to risk management of reputation post-cyber breach. The study identified 42 potential factors, which were then classified using the STAR model. This model is an organisational design framework and was suitable due to its alignment with organisations. A qualitative study using semi-structured and structured questions was conducted with purposively selected cybersecurity experts in both public and private sector institutions. Data obtained from the expert forum were analysed using thematic analysis, which revealed that a commonly accepted definition for cyber reputation was lacking despite the growing use of the term “online reputation”. In addition, the structured questions data were analysed using relative importance index rankings. The analysis results revealed significant factors in determining reputational damage due to cyberattacks, as well as highlighting reputation factor discrepancies between private and public institutions. Theoretically, this study contributes to the body of knowledge relating to cybersecurity of organisations. Practically, this research is expected to aid organisations to properly position themselves to meet cyber incidents and become more competitive in the post-COVID-19 era.