THREE ESSAYS ON CYBER INCIDENT RISK MANAGEMENT IN ORGANIZATIONS

Author

Harsh Parekh, Louisiana State University and Agricultural and Mechanical CollegeFollow

Degree

Doctor of Philosophy (PhD)

Department

Stephenson Department of Entrepreneurship and Information Systems (SDEIS)

Document Type

Dissertation

Abstract

Cyber incident risk management has become an organizational priority due to the growing frequency and impact of cyber threats. Under institutional and regulatory pressure, organizations face a critical question: how to strategically manage cyber incident risk? Through a three-essay and multi-method research design, this dissertation answers that question by examining cyber incident risk management through a critical synthesis of literature, analysis of disclosure communication strategies and evaluation of their antecedents. Essay 1 adopts a hybrid review methodology, beginning with a scoping review of the current literature, followed by a critical review approach to problematize epistemic, conceptual, and methodological challenges. Drawing on the Perceived Environmental Uncertainty Framework, we identify key dynamics in cyber incident risk management research arising from state, response, and effect uncertainties. This essay challenges dominant assumptions in the field and uncovers future research pathways, such as the need to understand inter-firm and multi-firm breach dynamics and the bi-directional causality between firm responses and stakeholder impacts.

Essays 2 and 3 seize opportunities identified in Essay 1 to explore the cyber incident disclosure framing. First, Essay 2 applies advanced natural language processing (NLP) techniques with large language model (LLM) experiments to extract Prospect Theory-based framing features from 456 cyber incident disclosure letters addressed to customers. Employing a computationally intensive theory construction (CITC) framework, we find that companies strategically use framing mechanisms (including loss aversion, reference dependence, and probability weighting) to communicate breach and response characteristics. Our performance evaluation shows that chain-of-thought prompting and multi-agent LLM experiments perform substantially better than traditional NLP approaches for complex feature extraction.

Finally, Essay 3 examines the antecedents of strategic framing, focusing on breach characteristics, firm attributes, and regulatory pressures. We find that external breaches are associated with significantly higher usage of framing features compared to internal breaches. Furthermore, as regulatory pressures intensify and firms accumulate cyber incident management experience through peer breaches or prior breaches, their disclosures tend to exhibit less framing. Our findings offer regulators insights into organizational maneuvering through strategic communication. They also provide a comparative evaluation of LLMs for feature extraction and advanced critical directions for future research in cyber incident risk management.

Date

5-30-2025

Recommended Citation

Parekh, Harsh, "THREE ESSAYS ON CYBER INCIDENT RISK MANAGEMENT IN ORGANIZATIONS" (2025). LSU Doctoral Dissertations. 6813.
https://repository.lsu.edu/gradschool_dissertations/6813

Committee Chair

Schwarz, Andrew (Co-Chair) and Burns, A.J. (Co-Chair)