{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,19]],"date-time":"2026-04-19T05:51:52Z","timestamp":1776577912766,"version":"3.51.2"},"reference-count":177,"publisher":"Oxford University Press (OUP)","issue":"1","license":[{"start":{"date-parts":[[2025,8,20]],"date-time":"2025-08-20T00:00:00Z","timestamp":1755648000000},"content-version":"vor","delay-in-days":231,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100001711","name":"Swiss National Science Foundation","doi-asserted-by":"publisher","award":["207550"],"award-info":[{"award-number":["207550"]}],"id":[{"id":"10.13039\/501100001711","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,1,17]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>Despite all the technical approaches to monitoring threats and detecting incidents, manual incident reporting is critical at all organizational levels of cybersecurity. However, in its current state, reporting suffers from challenges such as underreporting, lack of reporting channels, and uncertainty about what should be reported. The phenomenon of incident reporting itself is not clearly defined and occurs in different facets, from reporting phishing emails to the IT department to reporting vulnerabilities to national authorities. This makes it difficult to design effective socio-technical incident-reporting systems (IRS) according to overarching principles. This review article addresses these challenges by drawing on insights from the field of safety, where IRS are well-established. We find that a broad range of events is reported, various reporting channels on different organizational levels exist, and key design factors of successful IRS have emerged. Based on these lessons from safety, we propose a taxonomy for cybersecurity reporting that includes noncritical events, such as near misses, and latent factors, such as weak security controls. We suggest that also in cybersecurity new reporting channels can be established, e.g. for reporting of noncritical events to nonpunitive supra-organizational bodies or for employee reporting. When designing IRS for cybersecurity, factors such as case-based learning, voluntariness, impunity, independence, and feedback should be taken into account in order to encourage reporting.<\/jats:p>","DOI":"10.1093\/cybsec\/tyaf019","type":"journal-article","created":{"date-parts":[[2025,8,20]],"date-time":"2025-08-20T13:24:55Z","timestamp":1755696295000},"source":"Crossref","is-referenced-by-count":3,"title":["Learning from safety science: designing incident reporting systems in cybersecurity"],"prefix":"10.1093","volume":"11","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9683-4792","authenticated-orcid":false,"given":"Nico","family":"Ebert","sequence":"first","affiliation":[{"name":"Institute of Business Information Technology ZHAW School of Management and Law, , Theaterstrasse 17, 8400 Winterthur,","place":["Switzerland"]}]},{"given":"Thierry","family":"Schaltegger","sequence":"additional","affiliation":[{"name":"Institute of Business Information Technology ZHAW School of Management and Law, , Theaterstrasse 17, 8400 Winterthur,","place":["Switzerland"]}]},{"given":"Benjamin","family":"Ambuehl","sequence":"additional","affiliation":[{"name":"Institute of Business Information Technology ZHAW School of Management and Law, , Theaterstrasse 17, 8400 Winterthur,","place":["Switzerland"]}]},{"given":"Tim","family":"Geppert","sequence":"additional","affiliation":[{"name":"Institute of Business Information Technology ZHAW School of Management and Law, , Theaterstrasse 17, 8400 Winterthur,","place":["Switzerland"]}]},{"given":"Ariane","family":"Trammell","sequence":"additional","affiliation":[{"name":"Institute of Computer Science ZHAW School of Engineering, , Steinberggasse 13, 8400 Winterthur,","place":["Switzerland"]}]},{"given":"Melanie","family":"Knieps","sequence":"additional","affiliation":[{"name":"University of Zurich Digital Society Initiative, , R\u00e4mistrasse 69, 8001 Zurich,","place":["Switzerland"]}]},{"given":"Verena","family":"Zimmermann","sequence":"additional","affiliation":[{"name":"ETH Zurich Professorship for Security, Privacy and Society D-GESS, , Stampfenbachstrasse 69, 8006 Zurich,","place":["Switzerland"]}]}],"member":"286","published-online":{"date-parts":[[2025,8,20]]},"reference":[{"key":"2025082009245075400_bib1","doi-asserted-by":"publisher","first-page":"45","DOI":"10.2307\/249307","article-title":"Discovering and disciplining computer abuse in organizations: a field study","volume":"14","author":"Straub","year":"1990","journal-title":"MIS Quart"},{"key":"2025082009245075400_bib2","doi-asserted-by":"publisher","first-page":"173","DOI":"10.1353\/tech.2020.0036","article-title":"Trusting infrastructure: the emergence of computer security incident response, 1989\u20132005","volume":"61","author":"Slayton","year":"2020","journal-title":"Technol Cult"},{"key":"2025082009245075400_bib3","doi-asserted-by":"publisher","first-page":"tyad009","DOI":"10.1093\/cybsec\/tyad009","article-title":"Defining the reporting threshold for a cybersecurity incident under the NIS Directive and the NIS 2 Directive","volume":"9","author":"Schmitz-Berndt","year":"2023","journal-title":"J Cybersecur"},{"key":"2025082009245075400_bib4","first-page":"2783","volume-title":"99% False Positives: A Qualitative Study of SOC Analysts\u2019 Perspectives on Security Alarms","author":"Alahmadi","year":"2022"},{"key":"2025082009245075400_bib5","doi-asserted-by":"crossref","DOI":"10.24251\/HICSS.2024.568","article-title":"Re-thinking Decision-Making in Cybersecurity: leveraging Cognitive Heuristics in Situations of Uncertainty","volume-title":"Proceedings of the Fifty-Seventh Hawaii International Conference on System Sciences","author":"Schaltegger","year":"2024"},{"key":"2025082009245075400_bib6","doi-asserted-by":"publisher","first-page":"109","DOI":"10.9785\/cri-2023-240404","article-title":"Cyberbreaches in critical infrastructure: it\u2019s not just about personal data breaches anymore (Part 1)\u2014a comparison of the new security regime for critical infrastructures in Canada, USA and EU","volume":"24","author":"Beardwood","year":"2023","journal-title":"Comput Law Rev Int"},{"key":"2025082009245075400_bib7","volume-title":"Incident Reporting for Cloud Computing","author":"Dekker","year":"2013"},{"key":"2025082009245075400_bib8","first-page":"1","article-title":"\u201cI didn\u2019t click\u201d: what users say when reporting phishing","author":"Pilavakis","year":"2023","journal-title":"Symposium on Usable Security and Privacy (USEC) 2023"},{"key":"2025082009245075400_bib9","doi-asserted-by":"publisher","first-page":"585","DOI":"10.1365\/s43439-024-00129-x","article-title":"Implications of cyber incident reporting obligations on multinational organizations headquartered in Switzerland","volume":"5","author":"Ecabert","year":"2024","journal-title":"Int Cybersecur Law Rev"},{"key":"2025082009245075400_bib10","doi-asserted-by":"crossref","first-page":"526","DOI":"10.1145\/3487552.3487841","article-title":"Who you gonna call? An empirical evaluation of website security.txt deployment","volume-title":"Proceedings of the Twenty-First ACM Internet Measurement Conference","author":"Poteat","year":"2021"},{"key":"2025082009245075400_bib11","doi-asserted-by":"crossref","first-page":"1177","DOI":"10.1007\/s11142-018-9452-4","article-title":"Do firms underreport information on cyber-attacks? Evidence from capital markets","volume":"23","author":"Amir","year":"2018","journal-title":"Rev Account Stud"},{"key":"2025082009245075400_bib12","first-page":"1033","article-title":"You\u2019ve got vulnerability: exploring effective vulnerability notifications","volume-title":"Proceedings of the Twenty-Fifth USENIX Security Symposium (USENIX Security 16)","author":"Li","year":"2016"},{"key":"2025082009245075400_bib13","doi-asserted-by":"publisher","first-page":"72","DOI":"10.1145\/3665665","article-title":"Human-centered cybersecurity revisited: from enemies to partners","volume":"67","author":"Zimmermann","year":"2024","journal-title":"Commun ACM"},{"key":"2025082009245075400_bib14","doi-asserted-by":"crossref","DOI":"10.6028\/NIST.SP.800-160v2r1","volume-title":"Developing Cyber-Resilient Systems: A Systems Security Engineering Approach","author":"Ross","year":"2021"},{"key":"2025082009245075400_bib15","first-page":"19","article-title":"Employees are not the weakest link: an occupational safety view of information security","volume":"4","author":"Dennis","year":"2024","journal-title":"Organ Cybersecur J Pract Process People"},{"key":"2025082009245075400_bib16","doi-asserted-by":"crossref","first-page":"103435","DOI":"10.1016\/j.cose.2023.103435","article-title":"Learning from safety science: a way forward for studying cybersecurity incidents in organizations","volume":"134","author":"Ebert","year":"2023","journal-title":"Comput Secur"},{"key":"2025082009245075400_bib17","doi-asserted-by":"crossref","first-page":"400","DOI":"10.1007\/978-3-319-24255-2_29","article-title":"Organisational, political and technical barriers to the integration of safety and cyber-security incident reporting systems","volume-title":"Computer Safety, Reliability, and Security","author":"Johnson","year":"2015"},{"key":"2025082009245075400_bib18","doi-asserted-by":"crossref","first-page":"97","DOI":"10.1016\/j.cose.2013.04.004","article-title":"From information security to cyber security","volume":"38","author":"Von\u00a0Solms","year":"2013","journal-title":"Comput Secur"},{"key":"2025082009245075400_bib19","doi-asserted-by":"publisher","first-page":"714","DOI":"10.1016\/j.ssci.2010.02.004","article-title":"Learning from accidents\u2014what more do we need to know?","volume":"48","author":"Lindberg","year":"2010","journal-title":"Saf Sci"},{"key":"2025082009245075400_bib20","volume-title":"Patient Safety Incident Reporting and Learning Systems: Technical Report and Guidance","author":"WHO","year":"2020"},{"key":"2025082009245075400_bib21","doi-asserted-by":"publisher","first-page":"59","DOI":"10.1016\/S0950-4230(98)00038-2","article-title":"The importance of near miss reporting to further improve safety performance","volume":"12","author":"Jones","year":"1999","journal-title":"J Loss Prev Process Ind"},{"key":"2025082009245075400_bib22","doi-asserted-by":"publisher","first-page":"31","DOI":"10.1016\/j.siny.2004.09.012","article-title":"Critical incident reporting systems","volume":"10","author":"Ahluwalia","year":"2005","journal-title":"Semin Fetal Neonatal Med"},{"key":"2025082009245075400_bib23","volume-title":"Failure in Safety-Critical Systems: A Handbook of Accident and Incident Reporting","author":"Johnson","year":"2003"},{"key":"2025082009245075400_bib24","volume-title":"ASRS\u2014Aviation Safety Reporting System","author":"NASA"},{"key":"2025082009245075400_bib25","doi-asserted-by":"crossref","first-page":"117","DOI":"10.1016\/j.aap.2013.07.029","article-title":"A system of safety management practices and worker engagement for reducing and preventing accidents: an empirical and theoretical investigation","volume":"68","author":"Wachter","year":"2014","journal-title":"Accid Anal Prevent"},{"key":"2025082009245075400_bib26","doi-asserted-by":"publisher","first-page":"826","DOI":"10.1111\/1468-0009.12166","article-title":"How Effective are incident-reporting systems for improving patient safety? A systematic literature review: incident-reporting systems for improving patients\u2019 safety","volume":"93","author":"Stavropoulou","year":"2015","journal-title":"Milbank Q"},{"key":"2025082009245075400_bib27","volume-title":"The Sterile Cockpit","author":"NASA","year":"1992"},{"key":"2025082009245075400_bib28","doi-asserted-by":"crossref","first-page":"39","DOI":"10.1136\/qshc.2004.012559","article-title":"Attitudes and barriers to incident reporting: a collaborative hospital study","volume":"15","author":"Evans","year":"2006","journal-title":"BMJ Qual Saf"},{"key":"2025082009245075400_bib29","first-page":"327","article-title":"That was close: reward reporting of cybersecurity near misses","volume":"16","author":"Bair","year":"2017","journal-title":"Colo Tech LJ"},{"key":"2025082009245075400_bib30","doi-asserted-by":"crossref","first-page":"368","DOI":"10.1007\/11563228_28","article-title":"Towards a cyber security reporting system\u2014a quality improvement process","volume-title":"Computer Safety, Reliability, and Security","author":"Gonzalez","year":"2005"},{"key":"2025082009245075400_bib31","doi-asserted-by":"crossref","first-page":"127","DOI":"10.1007\/978-3-319-08819-8_7","article-title":"Architectures for cyber-security incident reporting in safety-critical systems","volume-title":"Disaster Management: Enabling Resilience","author":"Johnson","year":"2015"},{"key":"2025082009245075400_bib32","doi-asserted-by":"publisher","first-page":"109","DOI":"10.1016\/S0925-7535(00)00045-X","article-title":"The paradoxes of almost totally safe transportation systems","volume":"37","author":"Amalberti","year":"2001","journal-title":"Saf Sci"},{"key":"2025082009245075400_bib33","first-page":"214","article-title":"Some hopes and concerns regarding medical event-reporting systems: lessons from the NASA Aviation Safety Reporting System","volume":"122","author":"Billings","year":"1998","journal-title":"Arch Pathol Lab Med"},{"key":"2025082009245075400_bib34","volume-title":"A Tale of Two Stories: Contrasting Views of Patient Safety","author":"Cook","year":"1998"},{"key":"2025082009245075400_bib35","doi-asserted-by":"publisher","first-page":"175","DOI":"10.1002\/sdr.4260100206","article-title":"Systems thinking and thinking systems","volume":"10","author":"Ackoff","year":"1994","journal-title":"Syst Dyn Rev"},{"key":"2025082009245075400_bib36","doi-asserted-by":"crossref","DOI":"10.1201\/9781315120973","volume-title":"Prevention of Accidents and Unwanted Occurrences: Theory, Methods, and Tools in Safety Management","author":"Kjell\u00e9n","year":"2017"},{"key":"2025082009245075400_bib37","article-title":"Cyber security awareness campaigns: why do they fail to change behaviour?","author":"Bada","year":"2015"},{"key":"2025082009245075400_bib38","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.CSWP.29","article-title":"The NIST Cybersecurity Framework (CSF) 2.0","author":"Pascoe","year":"2024"},{"key":"2025082009245075400_bib39","doi-asserted-by":"crossref","DOI":"10.21236\/ADA358945","volume-title":"Handbook for Computer Security Incident Response Teams (CSIRTs)","author":"West-Brown","year":"1998"},{"key":"2025082009245075400_bib40","doi-asserted-by":"crossref","first-page":"102936","DOI":"10.1016\/j.cose.2022.102936","article-title":"Coordinated vulnerability disclosure programme effectiveness: issues and recommendations","volume":"123","author":"Walshe","year":"2022","journal-title":"Comput Secur"},{"key":"2025082009245075400_bib41","doi-asserted-by":"crossref","first-page":"105336","DOI":"10.1016\/j.clsr.2019.06.007","article-title":"The new EU cybersecurity framework: the NIS Directive, ENISA\u2019s role and the General Data Protection Regulation","volume":"35","author":"Markopoulou","year":"2019","journal-title":"Comput Law Secur Rev"},{"key":"2025082009245075400_bib42","doi-asserted-by":"crossref","first-page":"103309","DOI":"10.1016\/j.cose.2023.103309","article-title":"Learning from cyber security incidents: a systematic review and future research agenda","volume":"132","author":"Patterson","year":"2023","journal-title":"Comput Secur"},{"key":"2025082009245075400_bib43","doi-asserted-by":"publisher","first-page":"103201","DOI":"10.1016\/j.micpro.2020.103201","article-title":"Cyber-physical systems security: limitations, issues and future trends","volume":"77","author":"Yaacoub","year":"2020","journal-title":"Microprocess Microsyst"},{"key":"2025082009245075400_bib44","doi-asserted-by":"publisher","DOI":"10.22215\/timreview\/835","article-title":"Defining cybersecurity","volume":"4","author":"Craigen","year":"2014","journal-title":"Technol Innov Manag Rev"},{"key":"2025082009245075400_bib45","first-page":"2311","article-title":"\u201cEmployees who Don\u2019t accept the time security takes are not aware Enough\u201d: the CISO view of Human-Centred security","volume-title":"Proceedings of the Thirty-Second USENIX Security Symposium (USENIX Security 23)","author":"Hielscher","year":"2023"},{"key":"2025082009245075400_bib46","doi-asserted-by":"crossref","first-page":"1","DOI":"10.4324\/9781351059794-1","article-title":"The 1900s and onward: beginnings","volume-title":"Foundations of Safety Science","author":"Rae","year":"2019"},{"key":"2025082009245075400_bib47","doi-asserted-by":"crossref","first-page":"198","DOI":"10.1016\/j.ssci.2017.04.004","article-title":"Critical incident reporting systems: a necessary multilevel understanding","volume":"96","author":"van\u00a0der\u00a0Westhuizen","year":"2017","journal-title":"Saf Sci"},{"key":"2025082009245075400_bib48","article-title":"Accident analysis models and methods: guidance for safety professionals","author":"Underwood","year":"2013"},{"key":"2025082009245075400_bib49","doi-asserted-by":"crossref","first-page":"41","DOI":"10.1145\/508171.508178","article-title":"Safe and sound: a safety-critical approach to security","author":"Brostoff","year":"2001","journal-title":"Proceedings of the 2001 Workshop on New Security Paradigms"},{"key":"2025082009245075400_bib50","doi-asserted-by":"publisher","DOI":"10.4324\/9781315543543","volume-title":"Managing the Risks of Organizational Accidents","author":"Reason","year":"2016"},{"key":"2025082009245075400_bib51","doi-asserted-by":"publisher","first-page":"105365","DOI":"10.1016\/j.ssci.2021.105365","article-title":"Hazard reporting: how can it improve safety?","volume":"142","author":"Havinga","year":"2021","journal-title":"Saf Sci"},{"key":"2025082009245075400_bib52","article-title":"CHIRP","author":"CHIRP","year":"2023"},{"key":"2025082009245075400_bib53","doi-asserted-by":"publisher","first-page":"240","DOI":"10.7326\/M18-0343","article-title":"Harms reporting in randomized controlled trials of interventions aimed at modifying microbiota","volume":"169","author":"Bafeta","year":"2018","journal-title":"Ann Intern Med"},{"key":"2025082009245075400_bib54","volume-title":"Guide for Conducting Risk Assessments","author":"Ross","year":"2012"},{"key":"2025082009245075400_bib55","first-page":"35","article-title":"Guide to cyber threat information sharing","volume":"800","author":"Johnson","year":"2016","journal-title":"NIST Spec Publ"},{"key":"2025082009245075400_bib56","volume-title":"SP 800-137. Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations","author":"Dempsey","year":"2011"},{"key":"2025082009245075400_bib57","article-title":"NCSC warns organizations of cyber threat from Russian Foreign Intelligence","author":"Woollacott","year":"2024"},{"key":"2025082009245075400_bib58","doi-asserted-by":"publisher","first-page":"452","DOI":"10.1080\/08874417.2020.1845583","article-title":"A cyber-security culture framework for assessing organization readiness","volume":"62","author":"Georgiadou","year":"2022","journal-title":"J Comput Inf Syst"},{"key":"2025082009245075400_bib59","doi-asserted-by":"crossref","first-page":"103877","DOI":"10.1016\/j.im.2023.103877","article-title":"VISTA: an inclusive insider threat taxonomy, with mitigation strategies","volume":"61","author":"Renaud","year":"2024","journal-title":"Inf Manag"},{"key":"2025082009245075400_bib60","volume-title":"Computer Security Incident Handling Guide","author":"Cichonski","year":"2012"},{"key":"2025082009245075400_bib61","doi-asserted-by":"crossref","first-page":"70","DOI":"10.1145\/3498891.3498896","article-title":"Shame in cyber security: effective behavior modification tool or counterproductive foil?","volume-title":"New Security Paradigms Workshop","author":"Renaud","year":"2021"},{"key":"2025082009245075400_bib62","article-title":"Understanding the human factor in cyber incidents","author":"Niedermann","year":"2023"},{"key":"2025082009245075400_bib63","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1287\/orsc.2.1.1","article-title":"Learning from samples of one or fewer","volume":"2","author":"March","year":"1991","journal-title":"Organ Sci"},{"key":"2025082009245075400_bib64","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3479865","article-title":"The impact of organizational structure and technology use on collaborative practices in computer emergency response teams: an empirical study","volume":"5","author":"Riebe","year":"2021","journal-title":"Proc ACM Hum Comput Interact"},{"key":"2025082009245075400_bib65","doi-asserted-by":"publisher","first-page":"23","DOI":"10.1186\/s42400-019-0040-0","article-title":"Human-as-a-security-sensor for harvesting threat intelligence","volume":"2","author":"Vielberth","year":"2019","journal-title":"Cybersecur"},{"key":"2025082009245075400_bib66","doi-asserted-by":"crossref","first-page":"1","DOI":"10.23919\/CYCON.2019.8756990","article-title":"Hidden risks to cyberspace security from obsolete COTS software","volume-title":"Proceedings of the 2019 Eleventh International Conference on Cyber Conflict (CyCon)","author":"\u00d6zkan","year":"2019"},{"key":"2025082009245075400_bib67","article-title":"Cyber risk trends 2024","author":"Allianz","year":"2024"},{"key":"2025082009245075400_bib68","doi-asserted-by":"crossref","first-page":"75","DOI":"10.1016\/0951-8320(94)90078-7","article-title":"Organizational processes and nuclear power plant safety","volume":"45","author":"Jacobs","year":"1994","journal-title":"Reliab Eng Syst Saf"},{"key":"2025082009245075400_bib69","doi-asserted-by":"crossref","first-page":"35","DOI":"10.1109\/MSP.2014.103","article-title":"The operational role of security information and event management systems","volume":"12","author":"Bhatt","year":"2014","journal-title":"IEEE Secur Priv"},{"key":"2025082009245075400_bib70","doi-asserted-by":"crossref","first-page":"13","DOI":"10.1109\/MSP.2014.96","article-title":"On computer security incident response teams","volume":"12","author":"Horne","year":"2014","journal-title":"IEEE Secur Priv"},{"key":"2025082009245075400_bib71","doi-asserted-by":"crossref","first-page":"224","DOI":"10.1145\/3617072.3617098","article-title":"Encouraging organisational information security incident reporting","volume-title":"Proceedings of the 2023 European Symposium on Usable Security","author":"Ballreich","year":"2023"},{"key":"2025082009245075400_bib72","first-page":"1","article-title":"Can I help prevent data breaches in the workplace? From routine activities to extra-role security behaviors","volume":"6","author":"Lee","year":"2024","journal-title":"IEEE Trans Technol Soc"},{"key":"2025082009245075400_bib73","doi-asserted-by":"crossref","first-page":"42","DOI":"10.1016\/j.cose.2014.05.003","article-title":"Information security incident management: current practice as reported in the literature","volume":"45","author":"T\u00f8ndel","year":"2014","journal-title":"Comput Secur"},{"key":"2025082009245075400_bib74","volume-title":"Zalando: Report a Vulnerability","author":"Zalando"},{"key":"2025082009245075400_bib75","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1007\/978-3-319-99951-7_1","article-title":"External cybersecurity incident reporting for resilience","volume-title":"Perspectives in Business Informatics Research","author":"Andreasson","year":"2018"},{"key":"2025082009245075400_bib76","doi-asserted-by":"publisher","DOI":"10.1184\/R1\/13624148.v1","article-title":"The sector CSIRT framework: developing sector-based incident response capabilities","author":"Novak","year":"2021"},{"key":"2025082009245075400_bib77","doi-asserted-by":"publisher","first-page":"726","DOI":"10.1287\/mnsc.1040.0357","article-title":"Market for software vulnerabilities? Think Again","volume":"51","author":"Kannan","year":"2005","journal-title":"Manag Sci"},{"key":"2025082009245075400_bib78","article-title":"Whistleblowing","author":"Cyber Security Agency of Singapore"},{"key":"2025082009245075400_bib79","first-page":"xiii","article-title":"Analyzing the past to prepare for the future: writing a literature review","volume":"26","author":"Webster","year":"2002","journal-title":"MIS Quart"},{"key":"2025082009245075400_bib80","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1191\/1478088706qp063oa","article-title":"Using thematic analysis in psychology","volume":"3","author":"Braun","year":"2006","journal-title":"Qual Res Psychol"},{"key":"2025082009245075400_bib81","doi-asserted-by":"publisher","first-page":"71","DOI":"10.1136\/bmjqs-2015-004732","article-title":"The problem with incident reporting","volume":"25","author":"Macrae","year":"2016","journal-title":"BMJ Qual Saf"},{"key":"2025082009245075400_bib82","doi-asserted-by":"publisher","first-page":"51","DOI":"10.1136\/bmj.39071.441609.80","article-title":"Incident reporting and patient safety","volume":"334","author":"Vincent","year":"2007","journal-title":"BMJ"},{"key":"2025082009245075400_bib83","doi-asserted-by":"publisher","first-page":"759","DOI":"10.1136\/bmj.320.7237.759","article-title":"Reporting and preventing medical mishaps: lessons from non-medical near miss reporting systems","volume":"320","author":"Barach","year":"2000","journal-title":"Br Med J"},{"key":"2025082009245075400_bib84","first-page":"bmjqs","article-title":"Learning from incidents in healthcare: the journey, not the arrival, matters","volume":"26","author":"Leistikow","year":"2016","journal-title":"BMJ Qual Saf"},{"key":"2025082009245075400_bib85","doi-asserted-by":"crossref","first-page":"643","DOI":"10.1016\/j.cose.2012.04.001","article-title":"Incident response teams\u2014challenges in supporting the organisational security function","volume":"31","author":"Ahmad","year":"2012","journal-title":"Comput Secur"},{"key":"2025082009245075400_bib86","doi-asserted-by":"crossref","first-page":"103699","DOI":"10.1016\/j.cose.2023.103699","article-title":"I don\u2019t think we\u2019re there yet\u201d: the practices and challenges of organisational learning from cyber security incidents","volume":"139","author":"Patterson","year":"2024","journal-title":"Comput Secur"},{"key":"2025082009245075400_bib87","doi-asserted-by":"publisher","first-page":"102000","DOI":"10.1016\/j.giq.2024.102000","article-title":"Evaluating incident reporting in cybersecurity. From threat detection to policy learning","volume":"42","author":"Busetti","year":"2025","journal-title":"Govern Inf Quart"},{"key":"2025082009245075400_bib88","doi-asserted-by":"publisher","first-page":"939","DOI":"10.1002\/asi.24311","article-title":"How integration of cyber security management and incident response enables organizational learning","volume":"71","author":"Ahmad","year":"2020","journal-title":"Assoc Info Sci Technol"},{"key":"2025082009245075400_bib89","first-page":"77:1","article-title":"Strategic aspects of cyber risk information sharing","volume":"50","author":"Laube","year":"2017","journal-title":"ACM Comput Surv"},{"key":"2025082009245075400_bib90","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1080\/19331681.2020.1776658","article-title":"A tale of two cybers\u2014how threat reporting by cybersecurity firms systematically underrepresents threats to civil society","volume":"18","author":"Maschmeyer","year":"2021","journal-title":"J Inf Technol Polit"},{"key":"2025082009245075400_bib91","volume-title":"Review of the December 2021 Log4j Event","author":"Cyber Safety Review Board","year":"2022"},{"key":"2025082009245075400_bib92","doi-asserted-by":"publisher","DOI":"10.18502\/fem.v6i4.10441","article-title":"Incident reporting systems: how did we get here and where should we go? A narrative review","volume":"6","author":"Kao","year":"2022","journal-title":"FEM"},{"key":"2025082009245075400_bib93","first-page":"12","article-title":"Identifying risk: the limitations of incident reporting","volume":"103","author":"Burkoski","year":"2007","journal-title":"Can Nurse"},{"key":"2025082009245075400_bib94","first-page":"1","article-title":"Patient safety learning systems: a systematic review and qualitative synthesis","volume":"17","author":"Health Quality Ontario","year":"2017","journal-title":"Ontario Health Technol Assess Ser"},{"key":"2025082009245075400_bib95","first-page":"11","article-title":"A review of selected aviation human factors taxonomies, accident\/incident reporting systems and data collection tools","volume":"2","author":"Beaubien","year":"2002","journal-title":"Int J Appl Aviat Stud"},{"key":"2025082009245075400_bib96","doi-asserted-by":"publisher","first-page":"105","DOI":"10.1016\/j.ssci.2015.07.012","article-title":"Learning from patient safety incidents in incident review meetings: organisational factors and indicators of analytic process effectiveness","volume":"80","author":"Anderson","year":"2015","journal-title":"Saf Sci"},{"key":"2025082009245075400_bib97","doi-asserted-by":"publisher","first-page":"187","DOI":"10.1177\/0894439318805067","article-title":"Testing an integrated self-control and routine activities framework to examine malware infection victimization","volume":"38","author":"Holt","year":"2020","journal-title":"Soc Sci Comput Rev"},{"key":"2025082009245075400_bib98","doi-asserted-by":"publisher","first-page":"139","DOI":"10.1093\/ijlit\/10.2.139","article-title":"The emerging consensus on criminal conduct in cyberspace","volume":"10","author":"Goodman","year":"2002","journal-title":"Int J Law Inf Technol"},{"key":"2025082009245075400_bib99","doi-asserted-by":"crossref","first-page":"45","DOI":"10.1080\/13600860801924907","article-title":"Cybercrime, media and insecurity: the shaping of public perceptions of cybercrime","volume":"22","author":"Wall","year":"2008","journal-title":"Int Rev Law Comput Technol"},{"key":"2025082009245075400_bib100","doi-asserted-by":"crossref","first-page":"242","DOI":"10.1108\/ICS-11-2023-0214","article-title":"Hey \u201cCSIRI\u201d, should I report this? Investigating the factors that influence employees to report cyber security incidents in the workplace","volume":"33","author":"Ahola","year":"2025","journal-title":"Inf Comput Secur"},{"key":"2025082009245075400_bib101","doi-asserted-by":"publisher","first-page":"744","DOI":"10.3389\/fpsyg.2018.00744","article-title":"The future cybersecurity workforce: going beyond technical skills for successful cyber performance","volume":"9","author":"Dawson","year":"2018","journal-title":"Front Psychol"},{"key":"2025082009245075400_bib102","first-page":"11","article-title":"Confidential incident reporting systems create vital awareness of safety problems","volume":"51","author":"O\u2019Leary","year":"1996","journal-title":"ICAO J"},{"key":"2025082009245075400_bib103","doi-asserted-by":"crossref","first-page":"103","DOI":"10.69554\/FARC5224","article-title":"Cyber security: a critical examination of information sharing versus data sensitivity issues for organisations at risk of cyber attack","volume":"7","author":"Mallinder","year":"2014","journal-title":"J Bus Cont Emerg Plan"},{"key":"2025082009245075400_bib104","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3230833.3233284","article-title":"Risks of sharing cyber incident information","volume-title":"Proceedings of the Thirteenth International Conference on Availability, Reliability and Security","author":"Albakri","year":"2018"},{"key":"2025082009245075400_bib105","article-title":"BBl 2023 2296\u2013Bundesgesetz \u00fcber die Informatio\u2026\u00a0","author":"ISG","year":"2023"},{"key":"2025082009245075400_bib106","first-page":"829","volume-title":"Meldepflicht von IT-Sicherheits- und Datenschutzvorf\u00e4llen durch Mitarbeitende\u2014Betrachtung m\u00f6glicher arbeitsrechtlicher Konsequenzen. INFORMATIK 2020","author":"M\u00fcllmann","year":"2021"},{"key":"2025082009245075400_bib107","doi-asserted-by":"publisher","first-page":"e1866","DOI":"10.1097\/PTS.0000000000000690","article-title":"Hospital adverse event reporting systems: a systematic scoping review of qualitative and quantitative evidence","volume":"17","author":"Estrada-Orozco","year":"2021","journal-title":"J Patient Saf"},{"key":"2025082009245075400_bib108","doi-asserted-by":"crossref","first-page":"400","DOI":"10.1136\/qshc.2008.029496","article-title":"The frustrating case of incident-reporting systems","volume":"17","author":"Shojania","year":"2008","journal-title":"BMJ Qual Saf"},{"key":"2025082009245075400_bib109","doi-asserted-by":"crossref","first-page":"842","DOI":"10.1109\/SP46214.2022.9833766","article-title":"Phishing in organizations: findings from a large-scale and long-term study","author":"Lain","year":"2022","journal-title":"Proceedings of the\u00a02022 IEEE Symposium on Security and Privacy (SP)"},{"key":"2025082009245075400_bib110","first-page":"1","article-title":"Report now. Report effectively. Conceptualizing the industry practice for cybercrime reporting","author":"Bidgoli","year":"2019","journal-title":"Proceedings of the\u00a02019 APWG Symposium on Electronic Crime Research (eCrime)"},{"key":"2025082009245075400_bib111","article-title":"Report to CISA","author":"CISA"},{"key":"2025082009245075400_bib112","doi-asserted-by":"publisher","first-page":"1205","DOI":"10.1016\/j.ssci.2007.06.024","article-title":"Incident reporting or storytelling? Competing schemes in a safety-critical and hazardous work setting","volume":"46","author":"Sanne","year":"2008","journal-title":"Saf Sci"},{"key":"2025082009245075400_bib113","doi-asserted-by":"publisher","first-page":"2","DOI":"10.1093\/intqhc\/mzv100","article-title":"Incident and error reporting systems in intensive care: a systematic review of the literature","volume":"28","author":"Brunsveld-Reinders","year":"2016","journal-title":"Int J Qual Health Care"},{"key":"2025082009245075400_bib114","doi-asserted-by":"publisher","first-page":"338:1","DOI":"10.1145\/3476079","article-title":"A case study of phishing incident response in an educational organization","volume":"5","author":"Althobaiti","year":"2021","journal-title":"Proc ACM Hum Comput Interact"},{"key":"2025082009245075400_bib115","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3555090","article-title":"\u201cCyber security is a dark art\u201d: the CISO as Soothsayer","volume":"6","author":"Da\u00a0Silva","year":"2022","journal-title":"Proc ACM Hum Comput Interact"},{"key":"2025082009245075400_bib116","doi-asserted-by":"crossref","first-page":"335","DOI":"10.1007\/978-3-030-95484-0_20","article-title":"Why IT security needs therapy","volume-title":"Proceedings of the Computer Security. ESORICS 2021 International Workshops: CyberICPS, SECPRE, ADIoT, SPOSE, CPS4CIP, and CDT&SECOMANE","author":"Menges","year":"2022"},{"key":"2025082009245075400_bib117","doi-asserted-by":"publisher","first-page":"162","DOI":"10.1016\/j.ijnurstu.2016.08.019","article-title":"Barriers to reporting medication errors and near misses among nurses: a systematic review","volume":"63","author":"Vrbnjak","year":"2016","journal-title":"Int J Nurs Stud"},{"key":"2025082009245075400_bib118","doi-asserted-by":"publisher","first-page":"19","DOI":"10.2165\/00002018-200932010-00002","article-title":"Determinants of under-reporting of adverse drug reactions","volume":"32","author":"Lopez-Gonzalez","year":"2009","journal-title":"Drug Saf"},{"key":"2025082009245075400_bib119","article-title":"Get near misses reported","author":"Bridges","year":"2000","journal-title":"Proceedings of the\u00a0International Conference and Workshop on Process Industry Incidents, CCPS\/AICHE"},{"key":"2025082009245075400_bib120","doi-asserted-by":"crossref","first-page":"103880","DOI":"10.1016\/j.cose.2024.103880","article-title":"To report or not to report? Extending protection motivation theory to vulnerability discovery and disclosure","volume":"142","author":"Green","year":"2024","journal-title":"Comput Secur"},{"key":"2025082009245075400_bib121","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-030-41622-5","article-title":"Cyber victimology: a new sub-discipline of the twenty-first century victimology","volume-title":"An International Perspective on Contemporary Developments in Victimology: A Festschrift in Honor of Marc Groenhuijsen","author":"Jaishankar","year":"2020"},{"key":"2025082009245075400_bib122","doi-asserted-by":"publisher","first-page":"793","DOI":"10.1080\/07421222.2022.2096551","article-title":"Improving phishing reporting using security gamification","volume":"39","author":"Jensen","year":"2022","journal-title":"J Manag Inf Syst"},{"key":"2025082009245075400_bib123","volume-title":"Postmortem Culture: Learning from Failure","author":"Lunney","year":"2017"},{"key":"2025082009245075400_bib124","article-title":"Hall of Fame","author":"BSI"},{"key":"2025082009245075400_bib125","doi-asserted-by":"publisher","first-page":"23","DOI":"10.1146\/annurev-orgpsych-031413-091305","article-title":"Psychological safety: the history, renaissance, and future of an interpersonal construct","volume":"1","author":"Edmondson","year":"2014","journal-title":"Annu Rev Organ Psychol Organ Behav"},{"key":"2025082009245075400_bib126","article-title":"Regulation (EU) 2016\/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95\/46\/EC (General Data Protection Regulation) (Text with EEA relevance)","volume":"119","year":"2016","journal-title":"OJ L"},{"key":"2025082009245075400_bib127","doi-asserted-by":"crossref","first-page":"93","DOI":"10.1016\/j.bpa.2020.04.013","article-title":"Anaesthesia and perioperative incident reporting systems: opportunities and challenges","volume":"35","author":"Arnal-Velasco","year":"2021","journal-title":"Best Pract Res Clin Anaesthesiol"},{"key":"2025082009245075400_bib128","volume-title":"Cyber Security Breaches Survey 2023","author":"Department for Science, Innovation and Technology","year":"2023"},{"key":"2025082009245075400_bib129","doi-asserted-by":"publisher","first-page":"17","DOI":"10.4103\/AIHB.AIHB_80_20","article-title":"Barriers and facilities in reporting medical errors: a systematic review study","volume":"11","author":"Asgarian","year":"2021","journal-title":"Adv Human Biol"},{"key":"2025082009245075400_bib130","doi-asserted-by":"publisher","first-page":"506","DOI":"10.1177\/0193945921999449","article-title":"Barriers to incident reporting among nurses: a qualitative systematic review","volume":"44","author":"Hamed","year":"2022","journal-title":"West J Nurs Res"},{"key":"2025082009245075400_bib131","doi-asserted-by":"crossref","first-page":"468","DOI":"10.1177\/17488958211062359","article-title":"When do businesses report cybercrime? Findings from a UK study","volume":"23","author":"Kemp","year":"2023","journal-title":"Criminol Crim Just"},{"key":"2025082009245075400_bib132","first-page":"12","article-title":"The board\u2019s role in managing cybersecurity risks","volume":"59","author":"Rothrock","year":"2018","journal-title":"MIT Sloan Manag Rev"},{"key":"2025082009245075400_bib133","doi-asserted-by":"crossref","first-page":"104015","DOI":"10.1016\/j.im.2024.104015","article-title":"Case-based learning for cybersecurity leaders: a systematic review and research agenda","volume":"61","author":"Anderson","year":"2024","journal-title":"Inf Manag"},{"key":"2025082009245075400_bib134","doi-asserted-by":"crossref","first-page":"260","DOI":"10.1145\/3617072.3617115","article-title":"Security champions without support: results from a case study with OWASP SAMM in a large-scale e-commerce enterprise","volume-title":"Proceedings of the 2023 European Symposium on Usable Security","author":"Gutfleisch","year":"2023"},{"key":"2025082009245075400_bib135","doi-asserted-by":"publisher","first-page":"21582440211000049","DOI":"10.1177\/21582440211000049","article-title":"Encouraging employee engagement with cybersecurity: how to tackle cyber fatigue","volume":"11","author":"Reeves","year":"2021","journal-title":"Sage Open"},{"key":"2025082009245075400_bib136","doi-asserted-by":"crossref","DOI":"10.24251\/HICSS.2023.739","article-title":"Managing Organizational Cyber Security\u2014The Distinct Role of Internalized Responsibility","volume-title":"Proceedings of the Fifty-Sixth Hawaii International Conference on System Sciences","author":"Faltermaier","year":"2023"},{"key":"2025082009245075400_bib137","article-title":"The influence of anonymity factors on IT security incident reporting","author":"Smith","year":"2020"},{"key":"2025082009245075400_bib138","volume-title":"Datenleck bei Z\u00fcrcher Badis: Daten von 45\u2019000 Badeg\u00e4sten waren online","author":"Orizet","year":"2023"},{"key":"2025082009245075400_bib139","doi-asserted-by":"crossref","first-page":"420","DOI":"10.1108\/ICS-09-2017-0063","article-title":"Establishing information security policy compliance culture in organizations","volume":"26","author":"Amankwa","year":"2018","journal-title":"Inf Comput Secur"},{"key":"2025082009245075400_bib140","doi-asserted-by":"publisher","first-page":"28","DOI":"10.1108\/JBS-06-2020-0116","article-title":"Cybersecurity: investing for competitive outcomes","volume":"43","author":"Kosutic","year":"2020","journal-title":"J Bus Strategy"},{"key":"2025082009245075400_bib141","first-page":"1","article-title":"A systematic review of 2021 Microsoft exchange data breach exploiting multiple vulnerabilities","author":"Pitney","year":"2022","journal-title":"Proceedings of the 2022 Seventh\u00a0International Conference on Smart and Sustainable Technologies (SpliTech)"},{"key":"2025082009245075400_bib142","article-title":"Common Vulnerability Scoring System SIG","author":"FIRST"},{"key":"2025082009245075400_bib143","doi-asserted-by":"publisher","first-page":"1270","DOI":"10.1109\/TDSC.2022.3152164","article-title":"Towards optimal triage and mitigation of context-sensitive cyber vulnerabilities","volume":"20","author":"Hore","year":"2023","journal-title":"IEEE Trans Depend Secure Comput"},{"key":"2025082009245075400_bib144","doi-asserted-by":"crossref","first-page":"12","DOI":"10.1016\/j.cose.2018.02.011","article-title":"A cyber security data triage operation retrieval system","volume":"76","author":"Zhong","year":"2018","journal-title":"Comput Secur"},{"key":"2025082009245075400_bib145","doi-asserted-by":"publisher","first-page":"691","DOI":"10.1007\/s10207-022-00657-9","article-title":"Systematic review of SIEM technology: SIEM-SC birth","volume":"22","author":"L\u00f3pez\u00a0Vel\u00e1squez","year":"2023","journal-title":"Int J Inf Secur"},{"key":"2025082009245075400_bib146","doi-asserted-by":"publisher","first-page":"461","DOI":"10.1016\/j.ccm.2015.05.005","article-title":"Adverse event reporting and quality improvement in the intensive care unit","volume":"36","author":"Heavner","year":"2015","journal-title":"Clin Chest Med"},{"key":"2025082009245075400_bib147","doi-asserted-by":"publisher","first-page":"257","DOI":"10.1518\/001872007X312487","article-title":"A review of medical error reporting system design considerations and a proposed cross-level systems research framework","volume":"49","author":"Holden","year":"2007","journal-title":"Hum Factors"},{"key":"2025082009245075400_bib148","doi-asserted-by":"crossref","first-page":"102122","DOI":"10.1016\/j.cose.2020.102122","article-title":"How can organizations develop situation awareness for incident response: a case study of management practice","volume":"101","author":"Ahmad","year":"2021","journal-title":"Comput Secur"},{"key":"2025082009245075400_bib149","doi-asserted-by":"crossref","first-page":"55","DOI":"10.1007\/978-3-642-27937-9_5","article-title":"\u201cWhy Wasn\u2019t I Notified?\u201d: information security incident reporting demystified","volume-title":"Information Security Technology for Applications","author":"Koivunen","year":"2012"},{"key":"2025082009245075400_bib150","doi-asserted-by":"crossref","first-page":"1102","DOI":"10.1109\/SP54263.2024.00058","article-title":"Shedding light on CVSS scoring inconsistencies: a user-centric study on evaluating widespread security vulnerabilities","author":"Wunder","year":"2024","journal-title":"Proceedings of the\u00a02024 IEEE Symposium on Security and Privacy (SP)"},{"key":"2025082009245075400_bib151","volume-title":"A Review of Accident Modelling Approaches for Complex Critical Sociotechnical Systems","author":"Qureshi","year":"2008"},{"key":"2025082009245075400_bib152","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3546068","article-title":"A systematic analysis of the Capital One data breach: critical lessons learned","volume":"26","author":"Khan","year":"2023","journal-title":"ACM Trans Priv Secur"},{"key":"2025082009245075400_bib153","doi-asserted-by":"publisher","first-page":"698","DOI":"10.1057\/s41288-022-00266-6","article-title":"Cyber risk and cybersecurity: a systematic review of data availability","volume":"47","author":"Cremer","year":"2022","journal-title":"Geneva Pap Risk Insur Iss Pract"},{"key":"2025082009245075400_bib154","doi-asserted-by":"crossref","first-page":"8","DOI":"10.1016\/S1361-3723(09)70127-7","article-title":"The economics of user effort in information security","volume":"2009","author":"Beautement","year":"2009","journal-title":"Comput Fraud Secur"},{"key":"2025082009245075400_bib155","doi-asserted-by":"crossref","first-page":"102222","DOI":"10.1016\/j.cose.2021.102222","article-title":"Examining the role of stress and information security policy design in information security compliance behaviour: an experimental study of in-task behaviour","volume":"104","author":"Trang","year":"2021","journal-title":"Comput Secur"},{"key":"2025082009245075400_bib156","first-page":"145","article-title":"On the possible impact of security technology design on policy adherent user behavior\u2014results from a controlled empirical experiment","volume-title":"SICHERHEIT2018","author":"Kurowski","year":"2018"},{"key":"2025082009245075400_bib157","volume-title":"Sectoral CSIRT Capabilities\u2014Energy and Air Transport","author":"Edgars Taurins.","year":"2020"},{"key":"2025082009245075400_bib158","doi-asserted-by":"publisher","first-page":"1277","DOI":"10.1007\/s10796-022-10274-5","article-title":"Detecting cybersecurity threats: the role of the recency and risk compensating effects","volume":"25","author":"Safi","year":"2022","journal-title":"Inf Syst Front"},{"key":"2025082009245075400_bib159","doi-asserted-by":"publisher","first-page":"28","DOI":"10.1177\/00223433231217687","article-title":"How the process of discovering cyberattacks biases our understanding of cybersecurity","volume":"61","author":"Oppenheimer","year":"2024","journal-title":"J Peace Res"},{"key":"2025082009245075400_bib160","volume-title":"The Human Factors Analysis and Classification System\u2013HFACS","author":"Shappell","year":"2000"},{"key":"2025082009245075400_bib161","article-title":"The Heinrich\/Bird safety pyramid: pioneering research has become a safety myth","author":"Marsden","year":"2021"},{"key":"2025082009245075400_bib163","doi-asserted-by":"crossref","first-page":"308","DOI":"10.1093\/ijpp\/riab030","article-title":"Knowledge, attitude and practice of Malaysian healthcare professionals toward adverse drug reaction reporting: a systematic review","volume":"29","author":"Balan","year":"2021","journal-title":"Int J Pharm Pract"},{"key":"2025082009245075400_bib164","doi-asserted-by":"publisher","first-page":"92","DOI":"10.1136\/bmjqs-2015-004405","article-title":"Patient safety incident reporting: a qualitative study of thoughts and perceptions of experts 15 years after \u2018To Err is Human\u2019","volume":"25","author":"Mitchell","year":"2016","journal-title":"BMJ Qual Saf"},{"key":"2025082009245075400_bib165","first-page":"807","article-title":"Information systems and patient safety incident reports: a systematic review of literature and observational incident reporting system in hospitals","volume":"8","author":"Citra\u00a0Budi","year":"2019","journal-title":"Int J Recent Technol Eng"},{"key":"2025082009245075400_bib166","volume-title":"Improving Aircraft Safety","author":"National Research Council","year":"1980"},{"key":"2025082009245075400_bib167","article-title":"ISO 45001:2018 Occupational health and safety management systems","author":"ISO\/TC 283","year":"2018"},{"key":"2025082009245075400_bib168","article-title":"Incident [Accident] Investigations: a Guide for Employers","author":"OSHA","year":"2015"},{"key":"2025082009245075400_bib169","article-title":"Incident reporting systems in medicine and experience with the aviation safety reporting system","volume-title":"A Tale of Two Stories: Contrasting Views of Patient Safety. Report from a Workshop on Assembling the Scientific Basis for Progress on Patient Safety","author":"Billings","year":"1998"},{"key":"2025082009245075400_bib170","first-page":"237","article-title":"International comparative analyses of incidents reporting systems for healthcare risk management","volume":"11","author":"Cui","year":"2011","journal-title":"Chin J Evid Based Med"},{"key":"2025082009245075400_bib171","doi-asserted-by":"publisher","first-page":"319","DOI":"10.1038\/nrclinonc.2015.222","article-title":"Patient-reported outcomes in the evaluation of toxicity of anticancer treatments","volume":"13","author":"Di\u00a0Maio","year":"2016","journal-title":"Nat Rev Clin Oncol"},{"key":"2025082009245075400_bib172","doi-asserted-by":"publisher","first-page":"211","DOI":"10.1016\/S0001-2092(06)60772-2","article-title":"Incident reports\u2014correcting processes and reducing errors","volume":"78","author":"Dunn","year":"2003","journal-title":"AORN J"},{"key":"2025082009245075400_bib173","doi-asserted-by":"crossref","first-page":"893","DOI":"10.4338\/ACI-2016-02-R-0023","article-title":"Enhancing patient safety event reporting a systematic review of system design features","volume":"8","author":"Gong","year":"2017","journal-title":"Appl Clin Inf"},{"key":"2025082009245075400_bib174","doi-asserted-by":"publisher","first-page":"69","DOI":"10.1093\/bja\/aeq133","article-title":"Critical incident reporting and learning","volume":"105","author":"Mahajan","year":"2010","journal-title":"Br J Anaesth"},{"key":"2025082009245075400_bib175","first-page":"210","article-title":"Barriers to reporting patient safety incident in health care workers: integrative literature review","volume":"9","author":"Nurdin","year":"2021","journal-title":"Indones J Health Admin"},{"key":"2025082009245075400_bib176","doi-asserted-by":"publisher","first-page":"1061","DOI":"10.1016\/S0140-6736(04)15843-1","article-title":"How can clinicians measure safety and quality in acute care?","volume":"363","author":"Pronovost","year":"2004","journal-title":"The Lancet"},{"key":"2025082009245075400_bib177","doi-asserted-by":"publisher","first-page":"380","DOI":"10.1108\/09526860810880180","article-title":"Clinical incident reporting: wrong time, wrong place","volume":"21","author":"Renshaw","year":"2008","journal-title":"Int J Health Care Qual Assur"},{"key":"2025082009245075400_bib178","doi-asserted-by":"publisher","first-page":"801","DOI":"10.1007\/s11096-023-01591-z","article-title":"Factors that influence patient and public adverse drug reaction reporting: a systematic review using the theoretical domains framework","volume":"45","author":"Shafei","year":"2023","journal-title":"Int J Clin Pharm"}],"container-title":["Journal of Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article-pdf\/11\/1\/tyaf019\/64094490\/tyaf019.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article-pdf\/11\/1\/tyaf019\/64094490\/tyaf019.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,20]],"date-time":"2025-08-20T13:25:13Z","timestamp":1755696313000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article\/doi\/10.1093\/cybsec\/tyaf019\/8238596"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":177,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2025,1,17]]}},"URL":"https:\/\/doi.org\/10.1093\/cybsec\/tyaf019","relation":{},"ISSN":["2057-2085","2057-2093"],"issn-type":[{"value":"2057-2085","type":"print"},{"value":"2057-2093","type":"electronic"}],"subject":[],"published-other":{"date-parts":[[2025]]},"published":{"date-parts":[[2025]]},"article-number":"tyaf019"}}