ABSTRACT
Private organizations suffer great losses due to cybersecurity incidents, and they invest increasing resources to prevent attacks, but little is known about the effectiveness of cybersecurity measures for prevention. Based on the framework of Routine Activity Theory, this paper analyzes the impact of companies’ online activities and cybersecurity measures on victimization. Our analysis of the UK Cybersecurity Breaches Survey shows that the most promising ways to minimize cyber-attacks and their impacts is to invest in in-house cybersecurity human resources and enhance the employees’ online self-protection by providing cybersecurity training, rather than just basic software protection and guidance about strong passwords.
