Publications
Publications
Show Results For
- All HBS Web
(130)
- Faculty Publications (53)
Page 1 of 53
Results →
- May–June 2025
- Article
Balancing Digital Safety and Innovation
By: Tomomichi Amano and Tomomi Tanaka
Designers of consumer-facing digital products have tended to focus on novelty and speed (“move fast and break things”). They’ve spent more effort on innovating than on anticipating how customers—and bad actors—might engage with products. But as digital products become... View Details
- April 2025 (Revised April 2025)
- Case
JPMorganChase: Leadership in the Age of GenAI
By: Iavor I. Bojinov, Karim R. Lakhani and David Lane
This case study examines JPMorgan Chase's (JPMC) journey in adopting and implementing Generative AI (GenAI) following the release of ChatGPT. It outlines JPMC's initial cautious approach focused on data security, followed by strategic investments in internal platforms... View Details
Keywords: Banks and Banking; Governance Controls; Information Technology; AI and Machine Learning; Analytics and Data Science; Cybersecurity; Digital Platforms; Digital Transformation; Information Management; Information Infrastructure; Technology Adoption; Job Cuts and Outsourcing; Knowledge Management; Knowledge Sharing; Leading Change; Growth and Development Strategy; Marketing; Product Development; Performance Improvement; Customization and Personalization; Financial Services Industry; United States
- January 2025
- Technical Note
AI vs Human: Analyzing Acceptable Error Rates Using the Confusion Matrix
By: Tsedal Neeley and Tim Englehart
This technical note introduces the confusion matrix as a foundational tool in artificial intelligence (AI) and large language models (LLMs) for assessing the performance of classification models, focusing on their reliability for decision-making. A confusion matrix... View Details
- January 2025
- Case
Cyber Oversight: SolarWinds Board of Directors
By: Lynn S. Paine
In 2020, just two years after its IPO, information technology company SolarWinds discovered that it was the victim of an attack on its information systems by Russian hackers. The incident, known as the Sunburst attack, was costly for the company, and certain... View Details
- November 2024
- Case
FedEx Cyberattack (A): Navigating the NotPetya Storm
By: Hise Gibson, Frank Nagle, Alicia Dadlani and Martha Hostetter
In 2017, FedEx’s European division — acquired the year before for $5 billion — was hit by a devastating cyberattack that destroyed thousands of computers and business systems across several countries. Corporate Chief Information Officer Rob Carter put the company’s... View Details
- November 2024
- Supplement
FedEx Cyberattack (B): Reflections and Lessons
By: Hise Gibson, Frank Nagle, Alicia Dadlani and Martha Hostetter
Set in 2024, this (B) case provides an update to the (A) case (no. 625-049) about a devastating cyberattack that destroyed thousands of computers and business systems at FedEx’s European division in 2017. It describes lessons learned and changes made in the wake of the... View Details
- October 2024
- Case
EU's Digital Services Act and Digital Markets Act
By: David B. Yoffie and Sarah von Bargen
Since the early 2020s, the EU began passing regulations on digital platforms and their marketplaces. One of the first was the Digital Services Act package, consisting of the Digital Services Act (DSA) and the Digital Markets Act (DMA). These regulations were focused on... View Details
- 2024
- Working Paper
Navigating Software Vulnerabilities: Eighteen Years of Evidence from Medium and Large U.S. Organizations
By: Raviv Murciano-Goroff, Ran Zhuo and Shane Greenstein
How prevalent are severe software vulnerabilities, how fast do software users respond to the availability of secure versions, and what determines the variance in the installation distribution? Using the largest dataset ever assembled on user updates, tracking server... View Details
- March 2024
- Teaching Note
CyberArk: Fearlessly Forward in a Digital World
By: David B. Yoffie
Teaching Note for HBS Case No. 724-382. CyberArk was a leader in privileged access management and was an emerging leader in security identity. This case explores strategies in cybersecurity and whether big bets are needed to become a global leader. View Details
- March 2024
- Teaching Note
SolarWinds Confronts SUNBURST
By: Frank Nagle and David Lane
Teaching Note for HBS Case Nos. 723-357 & 723-368. View Details
- March 2024 (Revised August 2024)
- Case
Darktrace: Scaling Cybersecurity and AI (A)
By: Jeffrey F. Rayport and Alexis Lefort
In 2023, Darktrace CEO Poppy Gustafsson was contemplating her growth strategy at a leading U.K.-based cybersecurity venture, launched in 2013 by a group of anti-terror cyber specialists, University of Cambridge mathematicians, and artificial intelligence (AI) experts.... View Details
Keywords: Technology; Talent; Scaling; Entrepreneurship; Cybersecurity; Leadership; Business Growth and Maturation; Recruitment; Resignation and Termination; AI and Machine Learning; Growth and Development Strategy; Organizational Culture; Going Public; Technology Industry; United Kingdom; Europe; United States
- March 2024 (Revised August 2024)
- Supplement
Darktrace: Scaling Cybersecurity and AI (B)
By: Jeffrey F. Rayport and Alexis Lefort
- February 2024 (Revised May 2024)
- Case
Johnson Security Bureau: Building Multigenerational Success
By: Henry McGee, Annelena Lobb and David Muoser
Jessica Johnson-Cope, CEO of Johnson Security Bureau (JSB), pondered options for scaling the firm. JSB was the oldest Black-owned security firm in New York, and among the oldest Black-owned security firms in the United States. It provided mostly unarmed security guards... View Details
- December 2023
- Case
TikTok: The Algorithm Will See You Now
By: Shikhar Ghosh and Shweta Bagai
In a world where attention is a scarce commodity, this case explores the meteoric rise of TikTok—an app that transformed from a niche platform for teens into the most visited domain by 2021—surpassing even Google. Its algorithm was a sophisticated mechanism for... View Details
- 2023
- Article
MoPe: Model Perturbation-based Privacy Attacks on Language Models
By: Marvin Li, Jason Wang, Jeffrey Wang and Seth Neel
Recent work has shown that Large Language Models (LLMs) can unintentionally leak sensitive information present in their training data. In this paper, we present Model Perturbations (MoPe), a new method to identify with high confidence if a given text is in the training... View Details
- October 2023 (Revised March 2024)
- Case
Fortinet: Cybersecurity Pioneer Ken Xie Considers the Long Game
By: Tsedal Neeley, Jeff Huizinga and Emily Grandjean
Ken Xie, cofounder of cybersecurity giant Fortinet, faced a critical decision that would validate his leadership. Fortinet became the industry’s second-largest pureplay cybersecurity firm by developing differentiated hardware and investing in R&D. However, after a... View Details
- 2023
- Working Paper
Black-box Training Data Identification in GANs via Detector Networks
By: Lukman Olagoke, Salil Vadhan and Seth Neel
Since their inception Generative Adversarial Networks (GANs) have been popular generative models across images, audio, video, and tabular data. In this paper we study whether given access to a trained GAN, as well as fresh samples from the underlying distribution, if... View Details
- September 2023 (Revised June 2024)
- Case
CyberArk: Fearlessly Forward in a Digital World
By: David B. Yoffie and Daniela Beyersdorfer
CyberArk was a leader in privileged access management and was an emerging leader in security identity. This case explores strategies in cybersecurity and whether big bets are needed to become a global leader. View Details
- 24 Apr 2023 - 27 Apr 2023
- Conference Presentation
Diversity, Equity, & Inclusion: The Paradoxical Effect & Impact on Security
By: J. Carlos Vega, Hise O. Gibson, Nicole Gilmore and Larry Whiteside Jr.
Diversity, Equity, & Inclusion (DEI) is necessary to create the world class teams we need to defend against advanced threats and adversaries; however, the approach that most take often fails spectacularly. The panel challenges the current practices, the failings, and... View Details
- March 2023 (Revised June 2023)
- Teaching Note
Ransomware Attack at Springhill Medical Center
By: Suraj Srinivasan and Li-Kuan (Jason) Ni
Teaching Note for HBS Case No. 123-065. In July, 2019, Springhill Medical Center (“SMC”) in Mobile, Alabama fell prey to a malicious ransomware attack that crippled the hospital’s internal network systems and public-facing web page. While the hospital rushed to... View Details
Keywords: Disruption; Communication; Communication Strategy; Decision Making; Decision Choices and Conditions; Judgments; Corporate Accountability; Corporate Disclosure; Corporate Governance; Governance Controls; Policy; Employees; News; Cybersecurity; Digital Strategy; Information Infrastructure; Information Management; Internet and the Web; Crisis Management; Business or Company Management; Resource Allocation; Risk Management; Negotiation Tactics; Failure; Business and Stakeholder Relations; Attitudes; Behavior; Perception; Reputation; Trust; Public Opinion; Social Issues; Health Industry; Alabama; United States