{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,16]],"date-time":"2026-06-16T05:36:57Z","timestamp":1781588217124,"version":"3.54.5"},"reference-count":84,"publisher":"Oxford University Press (OUP)","issue":"1","license":[{"start":{"date-parts":[[2018,12,13]],"date-time":"2018-12-13T00:00:00Z","timestamp":1544659200000},"content-version":"vor","delay-in-days":346,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018,1,1]]},"DOI":"10.1093\/cybsec\/tyy006","type":"journal-article","created":{"date-parts":[[2018,10,16]],"date-time":"2018-10-16T14:25:10Z","timestamp":1539699910000},"source":"Crossref","is-referenced-by-count":242,"title":["A taxonomy of cyber-harms: Defining the impacts of cyber-attacks and understanding how they propagate"],"prefix":"10.1093","volume":"4","author":[{"given":"Ioannis","family":"Agrafiotis","sequence":"first","affiliation":[{"name":"Department of Computer Science, University of Oxford, Oxford, OX1 3QD, UK"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Jason R C","family":"Nurse","sequence":"additional","affiliation":[{"name":"School of Computing, University of Kent, Canterbury, CT2 7NF, UK"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Michael","family":"Goldsmith","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of Oxford, Oxford, OX1 3QD, UK"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Sadie","family":"Creese","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of Oxford, Oxford, OX1 3QD, UK"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"David","family":"Upton","sequence":"additional","affiliation":[{"name":"Sa\u00efd Business School, University of Oxford, Oxford, OX1 1HP, UK"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"286","published-online":{"date-parts":[[2018,10,16]]},"reference":[{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B1","author":"ISACA","year":"2018"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B2","author":"National Institute of Standards Technology","year":"2018"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B3","author":"Oxford English Dictionary","year":"2013"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B4","doi-asserted-by":"crossref","first-page":"1497","DOI":"10.2307\/3311506","article-title":"Harm and punishment: a critique of emphasis on the results of conduct in the criminal law","volume":"122","author":"Schulhofer","year":"1974","journal-title":"UPa L Rev"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B5","volume-title":"Medical Harm: Historical, Conceptual, and Ethical Dimensions of Iatrogenic Illness. 1998","author":"Sharpe","year":"1974"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B6","first-page":"27","article-title":"Crime and the concept of harm","volume":"15","author":"Kleinig","year":"1978","journal-title":"Am Philos Q"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B7","first-page":"192","article-title":"Risk factors for and functions of deliberate self-harm: an empirical and conceptual review","volume":"10","author":"Gratz","year":"2006","journal-title":"Clin Psychol"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B8","first-page":"836","article-title":"How do environmental violation events harm corporate reputation?","volume":"24","author":"Zou","year":"2015","journal-title":"BSE"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B9","doi-asserted-by":"crossref","first-page":"36","DOI":"10.1109\/MSP.2010.37","article-title":"How Internet security breaches harm market value","volume":"8","author":"Andoh-Baidoo","year":"2010","journal-title":"IEEE Secur Priv"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B10","volume-title":"Chancellor\u2019s Speech to GCHQ on Cyber Security","author":"U. K. Government","year":"2018"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B11","author":"New Zealand Government. Risk Assessment Process: Information Security","year":"2018"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B12","author":"UVM","year":"2018"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B13","volume-title":"Security Risk Management Glossary","author":"ENISA","year":"2018"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B14","year":"2004"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B15","volume-title":"Risk Society: Towards a New Modernity","author":"Beck","year":"1992"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B16","volume-title":"The Consequences of Modernity","author":"Giddens","year":"1990"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B17","doi-asserted-by":"crossref","first-page":"39","DOI":"10.1177\/0263276402019004003","article-title":"The terrorist threat: world risk society revisited","volume":"19","author":"Beck","year":"2002","journal-title":"Theory Cult Soc"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B18","doi-asserted-by":"crossref","DOI":"10.1093\/oxfordhb\/9780199925513.001.0001","volume-title":"The Oxford Handbook of White-Collar Crime","author":"Van Slyke","year":"2016"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B19","doi-asserted-by":"crossref","first-page":"864","DOI":"10.1093\/bjc\/azt018","article-title":"A framework to assess the harms of crimes","volume":"53","author":"Greenfield","year":"2013","journal-title":"Br J Criminol"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B20","doi-asserted-by":"crossref","first-page":"87","DOI":"10.1108\/S1521-6136(2011)0000016008","volume-title":"Economic Crisis and Crime","author":"Levi","year":"2011"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B21","doi-asserted-by":"crossref","first-page":"166","DOI":"10.1111\/1468-2311.00199","article-title":"White-collar crime and secondary victimization: an analysis of the effects of the closure of BCCI","volume":"40","author":"Spalek","year":"2001","journal-title":"Howard J Crim Just"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B22","first-page":"13","article-title":"Cybercrime metrics: old wine, new bottles?","volume":"9","author":"Brenner","year":"2004","journal-title":"Va. JL & Tech"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B23","doi-asserted-by":"crossref","first-page":"11","DOI":"10.1109\/MSP.2016.64","article-title":"What\u2019s new in the economics of cybersecurity?","volume":"14","author":"Felici","year":"2016","journal-title":"IEEE Secur Priv"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B24","doi-asserted-by":"crossref","first-page":"265","DOI":"10.1007\/978-3-642-39498-0_12","article-title":"Measuring the cost of cybercrime","author":"Anderson","year":"2013","journal-title":"The Economics of Information Security and Privacy"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B25","doi-asserted-by":"crossref","first-page":"610","DOI":"10.1126\/science.1130992","article-title":"The economics of information security","volume":"314","author":"Anderson","year":"2006","journal-title":"Science"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B26","first-page":"103","article-title":"The economics of cybersecurity: principles and policy options","volume":"3","author":"Moore","year":"2010","journal-title":"IJCIP"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B27","author":"Punter","year":"2016"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B28","author":"Lloyds of London","year":"2018"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B29","author":"Klahr","year":"2017"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B30","first-page":"55","volume-title":"ISSE 2008 Securing Electronic Business Processes","author":"Anderson","year":"2009"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B31","doi-asserted-by":"crossref","first-page":"29","DOI":"10.1093\/cybsec\/tyw002","article-title":"The economics of mandatory security breach reporting to authorities","volume":"2","author":"Laube","year":"2016","journal-title":"J Cybersecur"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B32","doi-asserted-by":"crossref","first-page":"33","DOI":"10.1109\/MSP.2006.27","article-title":"The simple economics of cybercrimes","volume":"4","author":"Kshetri","year":"2006","journal-title":"IEEE Secur Priv"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B33","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1093\/cybsec\/tyw003","article-title":"Hype and heavy tails: a closer look at data breaches","volume":"2","author":"Edwards","year":"2016","journal-title":"J Cybersecur"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B34","volume-title":"In: International Conference on Applied Human Factors and Ergonomics","author":"Nguyen","year":"2017"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B35","author":"Why it pays to complain via Twitter","year":"2014"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B36","doi-asserted-by":"crossref","first-page":"544","DOI":"10.1109\/TSE.2007.70712","article-title":"An empirical analysis of the impact of software vulnerability announcements on firm stock price","volume":"33","author":"Telang","year":"2007","journal-title":"IEEE Trans Softw Eng"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B37","author":"Acquisti","year":"2006"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B38","first-page":"70","article-title":"The effect of internet security breach announcements on market value: capital market reactions for breached firms and internet security developers","volume":"9","author":"Cavusoglu","year":"2004","journal-title":"IJEC"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B39","author":"Kvochko","year":"2015"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B40","first-page":"97","article-title":"The impact of denial-of-service attack announcements on the market value of firms","volume":"6","author":"Hovav","year":"2003","journal-title":"RMIR"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B41","doi-asserted-by":"crossref","first-page":"431","DOI":"10.3233\/JCS-2003-11308","article-title":"The economic cost of publicly announced information security breaches: empirical evidence from the stock market","volume":"11","author":"Campbell","year":"2003","journal-title":"J Comput Secur"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B42","first-page":"69","article-title":"Market reactions to information security breach announcements: an empirical analysis","volume":"12","author":"Kannan","year":"2007","journal-title":"IJEC"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B43","author":"World Economic Forum"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B44","doi-asserted-by":"crossref","first-page":"2261","DOI":"10.1016\/j.compedu.2011.06.014","article-title":"Cyber victim and bullying scale: a study of validity and reliability","volume":"57","author":"\u00c7etin","year":"2011","journal-title":"Comput Educ"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B45","first-page":"4","article-title":"Protecting children and teens from cyber-harm","volume":"25","author":"Harvard Mental Health Letter","year":"2008","journal-title":"Harvard Health Pubs"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B46","doi-asserted-by":"crossref","first-page":"41","DOI":"10.1162\/ISEC_a_00136","article-title":"The myth of cyberwar: bringing war in cyberspace back down to earth","volume":"38","author":"Gartzke","year":"2013","journal-title":"Int Secur"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B47","volume-title":"Analyzing Computer Security: A Threat\/Vulnerability\/Countermeasure Approach","author":"Charles","year":"2012"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B48","first-page":"327","author":"Kesan","year":"2010"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B49","author":"US Department of Homeland Security","year":"2018"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B50","author":"Titcomb J. Ukrainian blackout blamed on cyber-attack","year":"2015"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B51","author":"Greenberg A. Hackers remotely killed a jeep on the highway- with me in it","year":"2015"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B52","author":"Lee T. Forget the Ashley Madison or Sony Hacks \u2013 a crippling cyberattack is imminent in the US","year":"2015"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B53","article-title":"Cyber harm: concepts, taxonomy and measurement","volume":"23","author":"Agrafiotis","year":"2016","journal-title":"Sa\u00efd Business School Working Paper"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B54","author":"Paolo Passeri, Hackmageddon","year":"2016"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B55","author":"Veris Community","year":"2018"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B56","author":"UK Government and Marsh, Ltd"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B57","author":"Hess A. Inside the Sony hack","year":"2015"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B58","doi-asserted-by":"crossref","first-page":"107","DOI":"10.1111\/j.1365-2648.2007.04569.x","article-title":"The qualitative content analysis process","volume":"62","author":"Elo","year":"2008","journal-title":"J Adv Nurs"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B59","doi-asserted-by":"crossref","first-page":"1277","DOI":"10.1177\/1049732305276687","article-title":"Three approaches to qualitative content analysis","volume":"15","author":"Hsieh","year":"2005","journal-title":"Qual Health Res"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B60","doi-asserted-by":"crossref","first-page":"27","DOI":"10.1007\/s10611-007-9078-0","article-title":"Social harm future (s): exploring the potential of the social harm approach","volume":"48","author":"Pemberton","year":"2007","journal-title":"Crime Law Soc Change"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B61","author":"The Parliament of the Commonwealth of Australia","year":"2015"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B62","author":"Gizmodo","year":"2014"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B63","author":"InfoSec Institute","year":"2015"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B64","author":"Dark Reading","year":"2011"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B65","author":"Ashley","year":"2015"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B66","author":"Variety","year":"2015"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B67","author":"PwC","year":"2011"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B68","author":"The Huffington Post","year":"2015"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B69","author":"White L. and Bergin T. Tesco says $3million stolen in cyber theft, resumes service","year":"2016"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B70","author":"Talktalk hackers go on \u00a3600 spending spree with stolen card details as boss says its too early to consider compensation","year":"2015"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B71","author":"McDaid L. Talktalk cyber-attack: county Londonderry man targeted","year":"2015"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B72","author":"Top data security expert fears traumatic aftermath in Ashley Madison hack","year":"2015"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B73","author":"Sony seeking more cybersecurity staff amid hack","year":"2014"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B74","author":"JP Morgan security exec reassigned after breach","year":"2015"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B75","doi-asserted-by":"crossref","DOI":"10.2172\/751004","volume-title":"A common language for computer security incidents","author":"Howard","year":"1998"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B76","author":"JP Morgan Chase reveals massive data breach affecting 76m households","year":"2014"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B77","year":"2015"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B78","author":"Krebs on Security","year":"2017"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B79","author":"Singapore personal data hack hits 1. 5m, health authority says","year":"2018"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B80","year":"2018"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B81","author":"Uber concealed huge data breach","year":"2017"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B82","volume-title":"Leading Issues in Information Warfare & Security Research","author":"Hutchins","year":"2011"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B83","author":"Infosec Institute","year":"2016"},{"key":"key\n\t\t\t\t2019012508580036300_tyy006-B84","doi-asserted-by":"crossref","first-page":"8","DOI":"10.1186\/s13174-017-0059-y","article-title":"Mapping the coverage of security controls in cyber insurance proposal forms","volume":"8","author":"Woods","year":"2017","journal-title":"JISA"}],"container-title":["Journal of Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/academic.oup.com\/cybersecurity\/article-pdf\/4\/1\/tyy006\/27126934\/tyy006.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,9,4]],"date-time":"2022-09-04T02:49:05Z","timestamp":1662259745000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article\/doi\/10.1093\/cybsec\/tyy006\/5133288"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,1,1]]},"references-count":84,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2018,10,16]]},"published-print":{"date-parts":[[2018,1,1]]}},"URL":"https:\/\/doi.org\/10.1093\/cybsec\/tyy006","relation":{},"ISSN":["2057-2085","2057-2093"],"issn-type":[{"value":"2057-2085","type":"print"},{"value":"2057-2093","type":"electronic"}],"subject":[],"published-other":{"date-parts":[[2018]]},"published":{"date-parts":[[2018,1,1]]}}}