Determinants of cyber-incidents among small and medium US cities

Cyber-incidents threaten the confidentiality, efficiency, and integrity of digital information systems, causing privacy risks, economic losses, and reputational damages, and exposing managerial limitations. Although these phenomena are becoming more frequent in public agencies, research to date has mainly focused on private sector organizations and individuals. In this study, we contribute to the broader literature on cyber-incidents by exploring the drivers of both security breaches and unauthorized data disclosures in public organizations. Drawing from routine activity theory, we develop hypotheses on the determinants of cyber-incidents in departments in small and medium-sized US cities and test them using data from a national survey of public managers. Our findings suggest that both environmental and organizational factors are key determinants of cyber-incidents in city government. The results demonstrate the application of routine activity theory to public sector organizations and identify external and internal elements related to cyber-incidents in city government departments.