Question 8. Has your company experienced any of the below-specified negative events or cybersecurity risks which were directly associated with the use of DTPs? | Question 2. Please specify how long your current company has been using digital technology platforms | |||
---|---|---|---|---|
Up to 3 years | More than 3 years | |||
n | % | n | % | |
Hardware failure | 30 | 51.7 | 35 | 56.5 |
Internet outage attributable to, for example, network congestion due to the use of digital technology platforms | 19 | 32.8 | 24 | 38.7 |
Leak of information relating to company, employees, or business partners | 4 | 6.9 | 1 | 1.6 |
Customer data leak | 4 | 6.9 | 1 | 1.6 |
Phishing – a fraudulent attempt to obtain sensitive information or data by disguising a website as a trustworthy entity in an electronic communication | 5 | 8.6 | 7 | 11.3 |
Pharming – redirection to fake websites | 3 | 5.2 | 7 | 11.3 |
Loss of financial means | 4 | 6.9 | 1 | 1.6 |
Internet spying | 2 | 3.4 | 1 | 1.6 |
No negative events | 13 | 22.4 | 15 | 24.2 |
Intergroup comparisons using the Mann-Whitney U-test |
Hardware failure vs duration of use – not statistically significant Internet outage vs duration of use – not statistically significant Company data leak vs duration of use – not statistically significant Customer data leak vs duration of use – not statistically significant Phishing vs duration of use – not statistically significant Pharming vs duration of use – not statistically significant Loss of financial means vs duration of use – not statistically significant Internet spying vs duration of use – not statistically significant No negative events vs duration of use – not statistically significant |
|||
Test for significance of relationships between Pearson's chi-square and Cramer's V contingency coefficient |
Hardware failure vs duration of use – not statistically significant Internet outage vs duration of use – not statistically significant Company data leak vs duration of use – not statistically significant Customer data leak vs duration of use – not statistically significant Phishing vs duration of use – not statistically significant Pharming vs duration of use – not statistically significant Loss of financial means vs duration of use – not statistically significant Internet spying vs duration of use – not statistically significant No negative events vs duration of use – not statistically significant |
Question 8. Please specify if your company experienced any of the below-specified negative events or cybersecurity risks which were directly associated with the use of DTPs | ||||
---|---|---|---|---|
Responses | Percentage of observations | |||
n | Percentage | |||
Hardware failure | 65 | 36.1 | 53.7 | |
Internet outage attributable to, for example, network congestion due to the use of digital technology platforms | 43 | 23.9 | 35.5 | |
Leak of information relating to company, employees, or business partners | 6 | 3.3 | 5.0 | |
Customer data leak | 6 | 3.3 | 5.0 | |
Phishing – a fraudulent attempt to obtain sensitive information or data by disguising a website as a trustworthy entity in an electronic communication | 12 | 6.7 | 9.9 | |
Pharming – redirection to fake websites | 10 | 5.6 | 8.3 | |
Loss of financial means | 6 | 3.3 | 5.0 | |
Internet spying | 3 | 1.7 | 2.5 | |
No negative events | 28 | 15.6 | 23.1 | |
Total | 180 | 100.0 | 148.8 |
Question 7. Please specify how the negative attitude of management staff toward the implementation and use of digital technology platforms manifests itself in your company | ||||
---|---|---|---|---|
Responses | Percentage of observations | |||
n | Percentage | |||
High-level resistance toward the implementation of digital technology platforms due to potential changes to the organizational and employment structure in the company | 2 | 40.0 | 100.0 | |
A number of concerns attributable to economic factors (high costs of implementation and possible cost reductions in other operational areas of the company) | 1 | 20.0 | 50.0 | |
Numerous cybersecurity concerns | 2 | 40.0 | 100.0 | |
Total | 5 | 100.0 | 250.0 |
Feature | Description |
---|---|
Audit | Recording – in an audit register – information about users’ operations that were unsuccessful |
Authorization |
Use of configuration modifications that cover control algorithms or border points Authorization of users who have access to control systems or actuation mechanisms |
Operational preparedness | Protection against loss of operational readiness of control servers or communication lines |
Access control | Inspections of system and platform interfaces, their functions, modifiable configurations, and critical processes |
Monitoring | Detection of unauthorized operations on an ongoing basis |
Recovery | Existence of tools for critical elements and processes aimed at data recovery at the time of failure |
Confidentiality | Data protection against unauthorized disclosure (relevant data are determined based on a risk assessment and they mostly include operational, control, and financial information) |
Security procedures | Existence of plans and policies relating to security management, business continuity, or assignment of roles and responsibilities |
Self-check | Performance of self-tests used for validation of the integrity of security functions |
Coherence | Protection against unauthorized changes to the information flow or configuration of systems and platforms |
Border protection | Protection against attempts aimed at slipping across physical and digital logic borders of a system or platform |
Question 8. Has your company experienced any of the below-specified negative events or cybersecurity risks which were directly associated with the use of DTPs? | Company size | |||||||
---|---|---|---|---|---|---|---|---|
Micro-sized companies | Small-sized companies | Medium-sized companies | Large-sized companies | |||||
n | % | n | % | n | % | n | % | |
Hardware failure | 3 | 25.0 | 11 | 39.3 | 23 | 56.1 | 28 | 71.8 |
Internet outage attributable to, for example, network congestion due to the use of digital technology platforms | 4 | 33.3 | 9 | 32.1 | 20 | 48.8 | 10 | 25.6 |
Leak of information relating to company, employees, or business partners | 0 | 0.0 | 2 | 7.1 | 1 | 2.4 | 2 | 5.1 |
Customer data leak | 0 | 0.0 | 0 | 0.0 | 4 | 9.8 | 1 | 2.6 |
Phishing – a fraudulent attempt to obtain sensitive information or data by disguising a website as a trustworthy entity in an electronic communication | 3 | 25.0 | 1 | 3.6 | 3 | 7.3 | 5 | 12.8 |
Pharming – redirection to fake websites | 2 | 16.7 | 2 | 7.1 | 3 | 7.3 | 3 | 7.7 |
Loss of financial means | 0 | 0.0 | 2 | 7.1 | 1 | 2.4 | 2 | 5.1 |
Internet spying | 0 | 0.0 | 1 | 3.6 | 1 | 2.4 | 1 | 2.6 |
No negative events | 7 | 58.3 | 9 | 32.1 | 6 | 14.6 | 6 | 15.4 |
Intergroup comparisons using the Kruskal–Wallis H-test and Mann-Whitney U-test |
Hardware failure vs company size H (χ2)(3, n = 120) = 11.46, p ≤ 0.05 Micro-sized vs small-sized companies – not statistically significant Micro-sized vs medium-sized companies U(n = 54) = 178.5, p ≤ 0.05 Micro-sized vs large-sized companies U(n = 52) = 130.0, p ≤ 0.05 Small-sized vs medium-sized companies – not statistically significant Small-sized vs large-size dcompanies U(n = 67) = 368.5, p ≤ 0.05 Medium-sized vs large-sized companies – not statistically significant Internet outage vs company size – not statistically significant Company data leak vs company size – not statistically significant Customer data leak vs company size – not statistically significant Phishing vs company size – not statistically significant Pharming vs company size – not statistically significant Loss of financial means vs company size – not statistically significant Internet spying vs company size – not statistically significant No negative events vs company size – not statistically significant |
|||||||
Test for significance of relationships between Pearson's chi-square and Cramer's V contingency coefficient |
Hardware failure vs company size H (χ2) (3, n = 121) = 12.46, p ≤ 0.05, V = 321 Internet outage vs company size – not statistically significant Company data leak vs company size – not statistically significant Customer data leak vs company size – not statistically significant Phishing vs company size – not statistically significant Pharming vs company size – not statistically significant Loss of financial means vs company size – not statistically significant Internet spying vs company size – not statistically significant No negative events vs company size – not statistically significant |
Model component (predictor) | Beta coefficient | Number of degrees of freedom (df) | F | Significance | Zero-order correlation |
---|---|---|---|---|---|
Structural (sociodemographic) factor | 0.261 | 0.201 | 1 | 10.682 | 0.197 |
Structural factor | 0.147 | 0.163 | 3 | 0.816 | 0.488 |
Human factor | 0.141 | 0.163 | 2 | 0.749 | 0.475 |
Economic factor | 0.070 | 0.207 | 3 | 0.114 | 0.952 |
Cybersecurity factor | –0.138 | 0.159 | 1 | 0.756 | 0.386 |
Structural (sociodemographic) factor | 0.274 | 0.262 | 0.254 | 0.547 | 0.944 |
Structural factor | 0.140 | 0.154 | 0.145 | 0.157 | 0.975 |
Human factor | 0.145 | 0.148 | 0.139 | 0.157 | 0.972 |
Economic factor | 0.105 | 0.072 | 0.067 | 0.056 | 0.932 |
Cybersecurity factor | −0.078 | −0.141 | −0.133 | 0.083 | 0.928 |