Classifying Information Systems Risks: What Have We Learned So Far?

Understanding the risks caused by relying on information systems is an enduring research stream in the Information Systems (IS) discipline. With information systems becoming ubiquitous, IS risks permeate every aspect of life and effective risk mitigation increasingly requires a holistic structure. We use the largest and oldest publicly available risk collection to understand the developments of IS risks, its characteristics, and interdependencies. We review this data set using text mining techniques. Interestingly, we find that some types of IS risks tend to reoccur. We find that this database provides rich opportunities for learning from previous mistakes, which could help avoid similar problems in the future. Our contributions to theory includes a risk-taker\u27s view on contemporary information systems, a differentiation between controllable and reoccurring risks, and the increased interconnection of IS risks. As implications for practice we provide a basis for learning from past IS risks and an initial structure