Reporting a Cyber Security Breach: How Organizations Respond

Cyber breaches and ransomware attacks now occur so frequently that they have become facets of organizational life. These breaches are unique in that they are initially silent; a limited number of organizational members know about the incident so firms usually have ample time to prepare a Cyber Breach Revelation (CBR). This study analyzes 378 press releases acknowledging a cyber security breach. It finds four response clusters that highlight how compromised organizations reveal cyberattacks to external stakeholders: (1) empathetic acknowledgment; (2) assurance of the organization's breach-handling capability; (3) restoration of confidence; and, (4) re-establishment of trust and loyalty. These clusters provide meaningful insights as to how firms reveal cyber breaches to their stakeholders and, equally as important, open the door for further studies as to the effectiveness and sequencing of these approaches.