Learning from safety science: designing incident reporting systems in cybersecurity
Author / Producer
Date
2025
Publication Type
Journal Article
ETH Bibliography
yes
Abstract
Despite all the technical approaches to monitoring threats and detecting incidents, manual incident reporting is critical at all organizational levels of cybersecurity. However, in its current state, reporting suffers from challenges such as underreporting, a lack of reporting channels, and uncertainty about what should be reported. The phenomenon of incident reporting itself is not clearly defined and occurs in different facets, from reporting phishing emails to the IT department to reporting vulnerabilities to national authorities. This makes it difficult to design effective socio-technical incident-reporting systems (IRS) according to overarching principles. This review article addresses these challenges by drawing on insights from the field of safety, where IRS are well established. We find that a broad range of events is reported, that various reporting channels exist on different organizational levels, and that key design factors of successful IRS have emerged. Based on these lessons from safety, we propose a taxonomy for cybersecurity reporting that includes noncritical events, such as near misses, and latent factors, such as weak security controls. We suggest that new reporting channels can also be established in cybersecurity, e.g. for reporting noncritical events to nonpunitive supra-organizational bodies or for employee reporting. When designing IRS for cybersecurity, factors such as case-based learning, voluntariness, impunity, independence, and feedback should be taken into account in order to encourage reporting.
Journal / series
Journal of Cybersecurity
Volume
11 (1)
Organisational unit
09775 - Zimmermann, Verena / Zimmermann, Verena
