A longitudinal analysis of data breaches-Reference-Cited by-同舟云学术

A longitudinal analysis of data breaches

Published:2011-10-11 Issue:4 Volume:19 Page:216-230
ISSN:0968-5227
Container-title:Information Management & Computer Security
language:en
Short-container-title:

Author:

Posey Garrison Chlotia,Ncube Matoteng

Abstract

PurposeThe purpose of this research is to provide companies and consumers with information about the potential connections between data breach types and institutions. This study also aims to add to the body of knowledge about data breaches.Design/methodology/approachThis study analyzes a chronology of five years of data breaches. The data were classified and analyzed by breach and institution type, record size, and state. Multiple statistical tests were performed.FindingsBreach types stolen and exposed are statistically more likely to occur. Educational institutions are more likely to have a breach and it is more probable that educational breaches will be of type hacker or exposed. The proportion of insider incidents is smaller than the other breach types. The number of records breached is independent of institution and breach type.Research limitations/implicationsOnly those breaches with a specified number of records are included. The information used may have been updated after our analysis, usually a change in the number of records identified.Practical implicationsAdditional knowledge about characteristics of data breaches and the relationship between breach types and institution types will enable both businesses and consumers to be more effective in protecting sensitive information. Businesses will be able to create security budgets based on risk factors and consumers will be more aware of the risks of providing sensitive information.Originality/valueThis study provides a longitudinal analysis covering five years of data breaches and analyzes the relationship between five breach types and six types of institutions.

Publisher

Emerald

Subject

Library and Information Sciences,Management Science and Operations Research,Business and International Management,Management Information Systems

Reference22 articles.

1. Baker, W., Hutton, A., Hylender, C., Novak, C., Porter, C., Sartin, B., Tippett, P. and Valentine, J. (2009), 2009 Data Breach Investigations Report, available at: http://verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf (accessed 12 August 2010).

2. Belsis, P., Kokolakis, S. and Kiountouzis, E. (2005), “Information systems security from a knowledge management perspective”, Information Management & Computer Security, Vol. 13 No. 3, pp. 189‐202.

3. CERT (2008), Governing for Enterprise Security, Computer Emergency Readiness Team, available at: http://cert.org/governance (accessed 12 August 2010).

4. Choi, N., Kim, D., Goo, J. and Whitmore, A. (2008), “Knowing is doing: an empirical validation of the relationship between managerial information security awareness and action”, Information Management & Computer Security, Vol. 16 No. 5, pp. 484‐501.

5. Curtin, M. and Ayres, L. (2008), “Using science to combat data loss: analyzing breaches by type and industry”, I/S: A Journal of Law and Policy for the Information Society, Vol. 4 No. 3, pp. 569‐601.

Cited by 27 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Neuroimaging insights into breaches of consumer privacy: Unveiling implicit brain mechanisms;Journal of Business Research;2024-09

2. An Information Security Awareness Model For Bring Your Own Devices: Case Study of a University in Kenya;2024-04-05

3. Exploring the Characteristics of Data Breaches: A Descriptive Analytic Study;Journal of Information Security;2024

4. Cyber Insurance Valuation with Endogenous Cyber Loss;2024

5. Exploring Key Issues in Cybersecurity Data Breaches: Analyzing Data Breach Litigation with ML-Based Text Analytics;Information;2023-11-05