Affiliation:
1. Professional Post-Graduate Program in Electrical Engineering (PPEE), Department of Electrical Engineering (ENE), University of Brasília (UnB), Brasília 70910-900, Brazil
Abstract
A data breach is the unauthorized disclosure of sensitive personal data, and it impacts millions of individuals annually in the United States, as reported by Privacy Rights Clearinghouse. These breaches jeopardize the physical safety of the individuals whose data are exposed and result in substantial economic losses for the affected companies. To diminish the frequency and severity of data breaches in the future, it is imperative to research their causes and explore preventive measures. In pursuit of this goal, this study considers a dataset of data breach incidents affecting companies listed on the New York Stock Exchange and NASDAQ. This dataset has been augmented with additional information regarding the targeted company. This paper employs statistical visualizations of the data to clarify these incidents and assess their consequences on the affected companies and individuals whose data were compromised. We then propose mitigation controls based on established frameworks such as the NIST Cybersecurity Framework. Additionally, this paper reviews the compliance scenario by examining the relevant laws and regulations applicable to each case, including SOX, HIPAA, GLBA, and PCI-DSS, and evaluates the impacts of data breaches on stock market prices. We also review guidelines for appropriately responding to data leaks in the U.S., for compliance achievement and cost reduction. By conducting this analysis, this work aims to contribute to a comprehensive understanding of data breaches and empower organizations to safeguard against them proactively, improving the technical quality of their basic services. To our knowledge, this is the first paper to address compliance with data protection regulations, security controls as countermeasures, financial impacts on stock prices, and incident response strategies. Although the discussion is focused on publicly traded companies in the United States, it may also apply to public and private companies worldwide.
Reference93 articles.
1. Financial loss due to a data privacy breach: An empirical analysis;Tripathi;J. Organ. Comput. Electron. Commer.,2020
2. Petkauskas, V. (2024, May 07). Mother of All Breaches Reveals 26 Billion Records. Available online: http://cybernews.com/security/billions-passwords-credentials-leaked-mother-of-all-breaches.
3. Economic costs and impacts of business data breaches;Wang;Issues Inf. Syst.,2019
4. A survey of compliance issues in cloud computing;Yimam;J. Internet Serv. Appl.,2016
5. Khan, F.S., Kim, J.H., Moore, R.L., and Mathiassen, L. (2019, January 15–17). Data breach risks and resolutions: A literature synthesis. Proceedings of the 25th Americas Conference on Information Systems, Cancún, Mexico.
Cited by
3 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献