Using China's Cybersecurity Law (CSL) as an exogenous shock, I examine how personal data security affects stock crash risk. I find that the stock crash risk of treatment firms (which collect personal data) significantly decreases after the CSL, and such decrease is larger when firms face greater...

Digitalisation of health services brings many benefits to patients, including electronic health records, telemedicine, and AI-driven diagnostics. However, healthcare is one of the most targeted sectors by cyber and ransomware attacks. To better protect its healthcare systems and create a safer...

Digitalisation of health services brings many benefits to patients, including electronic health records, telemedicine, and AI-driven diagnostics. However, healthcare is one of the most targeted sectors by cyber and ransomware attacks. To better protect its healthcare systems and create a safer...

We examine how cybercrime impacts victims' risk-taking and returns. The results from our difference-in-differences analysis of a sample of victim and matched non-victim investors on the Ethereum blockchain are in line with prospect theory and suggests that victims increase their long-term total...

Managing electronic health records (EHRs) within hospitals presents significant challenges, particularly in ensuring the security, privacy, and accessibility of sensitive patient data. Traditional systems are often vulnerable to breaches and inefficiencies, demanding the need for exploration of...

Technology has become a major driver for business, society, and government in the present times. Businesses use technology to monitor their processes, improve their efficiency, and automate routine tasks along with other things while government may use the technology from a different...

This research investigated the behavior related to compliance with information security policy in the Yemeni banking sector by using the protection motivation theory (PMT). While PMT has been a prominent framework in understanding information security compliance, previous research has produced...

In this study, we analyzed the role of accounting information security control in influencing the internal control's effectiveness in Vietnamese enterprises, using a combination of quantitative research and qualitative research methods. The qualitative phase of this study involved reviewing...

This study investigates the relationship between cyber risks and dividend policy, as well as how boards, as a governance mechanism, affect the dividend policy under cyber risk. This study collected firm-level financing, corporate governance, and control variables from the Bloomberg database...

The purpose of this study is to examine the effect of the two determinants of the technology acceptance model (TAM3), perceived ease of use (PEOU), and perceived usefulness (PU) on auditors' intention to adopt and use blockchain technology (BT) in Lebanon. This study also aims to investigate the...

This article delves into the transformative impact of blockchain technology on enhancing transaction quality and efficiency. Since the emergence of blockchain alongside Bitcoin in 2008, its decentralised and transparent nature has significantly improved transaction speed, security, and cost...

This special 50th issue of Policy in Focus provides examples of countries that have digitalised their social protection systems to varying degrees. Its 12 articles provide a glimpse on different building blocks of digital architecture, such as national unique ID systems, tools for registration...

As smart cities advance, Internet of Things (IoT) devices present cybersecurity challenges that call for innovative solutions. This paper presents a conceptual model for using AI-enabled anomaly detection systems to identify anomalies and security threats in smart city IoT networks. The...

A high level of adoption of Domain Name System Security Extensions (DNSSEC) is essential to protect the integrity of the Domain Name System (DNS) Internet infrastructure to ensure the interoperability and security of the global cyberspace. This report provides an analysis of the level of...

Cyber Europe is a series of European Union-level cyber incident and crisis management exercises organised by the European Union Agency for Cybersecurity (ENISA), intended for both the public and private sector across the European Union and European Free Trade Association (EFTA) Member States....

Cyber Europe is a series of European Union-level cyber incident and crisis management exercises organised by the European Union Agency for Cybersecurity (ENISA), intended for both the public and private sector across the European Union and European Free Trade Association (EFTA) Member States....

This report aims at providing policy makers with evidence to assess the effectiveness of the existing EU cybersecurity framework specifically through data on how the NIS Directive has influenced cybersecurity investments and overall maturity of organisations in scope. As 2024 is the year of the...

This document marks the first report on the state of cybersecurity in the Union, adopted by ENISA in cooperation with the NIS Cooperation Group and the European Commission, in accordance with Article 18 of the Directive (EU) 2022/2555 (hereinafter NIS2). The report aims at providing policy...

The focus of this review is the long and broad history of attacker-defender games as a foundation for the narrower and shorter history of cyber security. The purpose is to illustrate the role of game theory in cyber security and which areas have received attention and to indicate future research...

Cybersecurity tools and services aim to protect networks, data and devices from tampering, unauthorised access or criminal uses. With so much data now stored on the internet, cybersecurity becomes an essential tool for people, governments, and corporations.

This report addresses the polycentric governance of blockchain systems, following conversations held from September 2022 until September 2023 by a reading group of blockchain practitioners and academics. The ERC-funded BlockchainGov project led the reading group. Since the publication of the...

The health and medicine sector are increasingly digitized, a trend that will accelerate with more widespread adoption of artificial intelligence, wearables and internet of things-based healthcare. Yet, this digital transformation carries notable cybersecurity threats. While there is ample...

Automated biometric recognition technology, or simply 'biometrics', appeared in the 1960s as a paradigm shift to the classical security and identity management technologies used until then. With these new systems, one is not recognised by something that they know (e.g., PIN or password) or...

As a continuation of the ENISA report Cybersecurity Education Initiatives in the EU Member States, ENISA aims to understand the maturity of cybersecurity in primary and secondary education in each MS to further allow the creation of specific material to support cybersecurity education according...

A high level of adoption of Domain Name System Security Extensions (DNSSEC) is essential to protect the integrity of the Domain Name System (DNS) Internet infrastructure to ensure the interoperability and security of the global cyberspace. This report provides an analysis of the level of...

The increasing number of cyberattacks affecting digital products, coupled with widespread vulnerabilities and insufficient timely security updates, creates heavy financial burdens on society. In response, the European Commission has drafted the Cyber Resilience Act (CRA), a new proposal for...

The present report provides anonymised and aggregated information about major telecom security incidents that happened in 2022. Security incident reporting is a hallmark of EU cybersecurity legislation. It is an important enabler of cybersecurity supervision and a support tool for policymaking...

Taking into account the main third-party cybersecurity assessments methodologies for ICT products and cloud services as well as the number of assessment bodies, the report presents the current state of play of cybersecurity assessments based on the past 5 years data. This study aims at analysing...

This study highlights the complexities behind the notion of cyber crisis and the degree of subjectivity it involves. The elevation of a large-scale cyber incident into a cyber crisis relies predominantly on a political decision, and depends largely on the level of risk that EU Member States (MS)...

This report covers the topic of cybersecurity of Low Earth Orbit (LEO) constellations delivering telecommunications services (LEO satcom in short). The key specifics of an LEO satcom system may be summed up as (a) many assets forming the space and ground segments and (b) a worldwide distribution...

From a legal standpoint, there are significant disparities in treating online offenses targeting individuals, organizations, and nation-states. These disparities arise due to influences that vary discreetly based on crucial factors such as the target, motive, or impact. This article draws upon...

The decentralized nature of blockchain markets has given rise to a complex and highly heterogeneous market structure, gaining increasing importance as traditional and decentralized (DeFi) finance become more interconnected. This paper introduces the DeFi intermediation chain and provides...