Determinants of cyber-incidents among small and medium US cities

Mattia Caldarulo, Eric W. Welch, Mary K. Feeney

Research output: Contribution to journalArticlepeer-review

6 Scopus citations


Cyber-incidents threaten the confidentiality, efficiency, and integrity of digital information systems, causing privacy risks, economic losses, and reputational damages, and exposing managerial limitations. Although these phenomena are becoming more frequent in public agencies, research to date has mainly focused on private sector organizations and individuals. In this study, we contribute to the broader literature on cyber-incidents by exploring the drivers of both security breaches and unauthorized data disclosures in public organizations. Drawing from routine activity theory, we develop hypotheses on the determinants of cyber-incidents in departments in small and medium-sized US cities and test them using data from a national survey of public managers. Our findings suggest that both environmental and organizational factors are key determinants of cyber-incidents in city government. The results demonstrate the application of routine activity theory to public sector organizations and identify external and internal elements related to cyber-incidents in city government departments.

Original languageEnglish (US)
Article number101703
JournalGovernment Information Quarterly
Issue number3
StatePublished - Jul 2022


  • Cyber-incidents
  • Cybercrime
  • Cybersecurity
  • Routine activity theory
  • Security breaches
  • Unauthorized data disclosures

ASJC Scopus subject areas

  • Sociology and Political Science
  • Library and Information Sciences
  • Law


Dive into the research topics of 'Determinants of cyber-incidents among small and medium US cities'. Together they form a unique fingerprint.

Cite this