Introducing the concept of cybersecurity footprint

Purpose: This paper aims to introduce the concept of cybersecurity footprint. Design/methodology/approach: Characteristics of cybersecurity footprint are presented based on documented cases, and the domino effect of cybersecurity is illustrated. Organizational and individual cybersecurity footprints are outlined. Active and passive – digital vs cybersecurity footprints are then reviewed. Taxonomy of aware/unaware vs active/passive cybersecurity footprints are presented, followed by brief discussion of the implications for future research. Findings: The concept of cybersecurity footprint is defined, and the evidence from prior cyber incidents is shown to emphasize the concept. Smaller organizations may have a large cybersecurity footprint, whereas larger organizations may have smaller one. Cyberattacks are focusing on the individuals or small organizations that are in the supply chain of larger organizations causing the domino effect. Practical implications: Implications of cybersecurity footprint to individuals, organizations, societies and governments are discussed. The authors present organizations with ways to lower cybersecurity footprint along with recommendations for future research. Social implications: Cybersecurity has a significant social implication worldwide, as the world is becoming cyber dependent. With the authors’ introduction of the cybersecurity footprint concept and call to further understand how organizations can measure and reduce it, the authors envision it as another perspective of assessing cyber risk and further help mitigate future cyber incidents. Originality/value: This paper extends the existing information and computer security body of knowledge on the concept of cybersecurity footprint with illustrated cases.