Article Preview
TopIntroduction
The explosive expansion of information technologies offers unprecedented opportunities for businesses to expand their markets through cross-border e-commerce, which accounted for roughly 20% of total global online transactions in 2015 (MEDICI Team, 2015) and continues to increase rapidly. The use of ICT is a critical factor in improving service productivity in e-commerce (Rabeh, Islam, Samer, Adnan, & Mustafa, 2019), and the growth of cross-border multi-national e-commerce has set trends for a major overhaul of the online industry (Sanjeev et al., 2019). Many governments consider now cross-border e-commerce as a new dimension of trade (Lianos, Mantzari, Durán, Darr, & Raslan, 2019). However, this increase in cross-border e-commerce activity has been accompanied by a commensurate increase in cyber-crime (Lau, 2018; Shrivastava, 2016). Not only have financial firms suffered serious losses due to cyberattacks (Ismail, 2018), governments, academic institutions, and high-tech firms have also experienced severe information breaches, with significant impacts on policy, research results, and competitive advantage. It is suggested that a serious cyberattack occurs every 39 seconds and that cybercrime could cost businesses up to $5.2 trillion over the next five years (Bera, 2019).
Privacy and security have emerged as two key requirements for successful cross border e-commerce (Karwatzki, Dytynko, Trenz, & Veit, 2017; Sung, 2006; Sutton, Khazanchi, Hampton, & Arnold, 2008). To prevent cyberattacks, businesses promote security awareness through information security education, training and awareness programs which have shown to improve employee security behavior (Winfred, Daniel Okyere, & Peace, 2019). In addition to national regulatory frameworks to promote user privacy protection, trans-national measures have been implemented to ensure cross-border e-commerce security. For instance, in 2016 the Organization for Economic Cooperation and Development (OECD) published its “Consumer Protection in E-commerce” (OECD, 2016) to stress the importance of consumer data security, especially for cross-border e-commerce. In addition, beginning in 2018, EU member states have implemented the General Data Protection Regulation (Tikkinen-Piri, Rohunen, & Markkula, 2018) and the European Data Protection Regulations to harmonize data privacy laws.
In addition to these overarching guidelines for securing e-commerce safety, new attention has focused on measures related to responding to security incidents. As defined in the RFC 2350 (“Expectations for Computer Security Incident Response”) (Brownlee & Guttman, 1998), a security incident is any adverse event which compromises some aspect of computer or network security. Generally, it is related to the compromise of confidentiality (e.g., user privacy), integrity (e.g., alteration of confidential information) or availability of information (e.g., Denial of Service attacks). The security incident response process includes evidence collection to facilitate rigorous investigations to protect cybersecurity (Baryamureeba & Tushabe, 2004), entailing evidence acquisition, collection and preservation, analysis, examination, and result reporting (Ademu, Imafidon, & Preston, 2011) using multiple forensic tools and technologies and comprehensive security domain knowledge. This makes identifying and tracking cyberattacks a time- and cost-intensive task for businesses. Moreover, prompt incident response is essential to reducing damage and loss from cyber-attacks.