Classifying Information Systems Risks: What Have We Learned So Far?
Understanding the risks caused by relying on information systems is an enduring research stream in the Information Systems (IS) discipline. With information systems becoming ubiquitous, IS risks permeate every aspect of life, and effective risk mitigation increasingly requires a holistic structure. We use the largest and oldest publicly available risk collection to understand the development of IS risks, their characteristics, and their interdependencies. We review this data set using text mining techniques. Interestingly, we find that some types of IS risks tend to reoccur. We find that this database provides rich opportunities for learning from previous mistakes, which could help avoid similar problems in the future. Our contributions to theory include the differentiation between controllable and reoccurring risks, and the observation that the growing complexity and interconnection of IS risks demand a holistic perspective on them. As implications for practice, we provide a basis for learning from past IS risks and an initial structure. This research will be presented at the 46th Hawaii International Conference on System Sciences (HICSS) in January 2013.