An Exploratory Literature Review of Efforts Towards Improving Cybersecurity

Data breaches and software vulnerabilities are increasingly severe problems that incur both monetary and reputational costs for companies as well as societal impacts. While companies have clear monetary and legal incentives to mitigate risk of data breaches, companies have significantly less incentive to mitigate software product vulnerabilities, and their existing incentive is widely considered insufficient. In this thesis, I initially set out to perform a statistical analysis correlating company characteristics and behavior with the characteristics of the data breaches they suffer, as well as performing a metaanalysis of existing literature. While the attempted statistical analysis was hindered by lack of sufficiently comprehensive free company datasets, I have recorded my efforts in finding suitable databases. I have also performed an exploratory literature review of 15 papers in the field of improving cybersecurity, and identified four blockers to security addressed and three elements of solutions proposed by the papers, as well as derived insights from the distribution of these blockers and elements of solutions in the papers reviewed.