Search

Your search keyword '"Data breach"' showing total 2,580 results
Start Over Descriptor "Data breach"
2,580 results on '"Data breach"'

1. A Preemptive and Curative Solution to Mitigate Data Breaches: Corporate Social Responsibility as a Double Layer of Protection.

Author

Zhu, John JianJun, Tuo, Ling, You, Yanfen, Fei, Qiang, and Thomson, Matthew

Subjects
DATA security failures, SOCIAL responsibility of business, PREVENTION, DATA protection, EMPLOYEE morale, CORPORATE image, CUSTOMER relations, SUPPLIERS
Abstract

Data breaches have the potential to weaken employee morale, corporate reputations, and customer and supplier relationships, while also disrupting marketing investments and financial performance. Research on reducing their frequency and harm focuses on tactical solutions, though breaches represent serious, even existential threats to firms. To date, research has not attempted to simultaneously address the closely connected phenomena of preventing and recovering from data breaches. The authors propose that corporate social responsibility (CSR) is a strategic variable offering dual protection: reducing the likelihood of data breaches and attenuating harm when breaches occur. Drawing on stakeholder theory, the authors distinguish between internal (addressing primary stakeholders) and external (addressing secondary stakeholders) CSR. Study 1 shows that external CSR has no prophylactic effect, while moderate and high levels of internal CSR are equally effective at preventing data breaches, compared with low levels of internal CSR. Study 2 assesses mitigation following a data breach by examining (1) short-term effects (in the form of an event study on cumulative abnormal returns) and (2) long-term effects (with time-series analysis of Tobin's q). The results suggest that internal CSR props up financial performance only at high levels while the positive effect of external CSR is short-lived. [ABSTRACT FROM AUTHOR]

Published
2024
Full Text
View/download PDF

3. Information Technology Innovativeness and Data-Breach Risk: A Longitudinal Study.

Author

Wang, Qian, Ngai, Eric W. T., Pienta, Daniel, and Thatcher, Jason Bennett

Subjects
INFORMATION technology, DATA security failures, TECHNOLOGICAL innovations, ORGANIZATIONAL learning, LONGITUDINAL method, SECURITY systems
Abstract

The adoption of new Information Technology (IT) innovations has led to increased uncertainty among employees, a greater demand for security measures, and more entry points for cyber-attacks, which all increase the risk of data breaches for firms. Despite the prevalence of discussions around this issue, there has been a lack of empirical research examining the data breach risk associated with IT innovations. To address this gap, we have developed arguments based on an organizational learning theoretical framework that explains how IT innovativeness can exacerbate data breach risk. Through our analysis of a sample of data breaches that occurred between 2013 and 2021, we have discovered that there is a positive association between firm IT innovativeness and the risk of data breaches. We also find that the effects of IT innovativeness can vary under certain conditions. For example, we find that the positive relationship between IT innovativeness and data breach risk is mitigated when managers possess IT expertise or when firms have established extensive board connections with cybersecurity managers. Moreover, we find that the relationship between IT innovativeness and data breach risk is amplified in complex environments but not in dynamic or munificent ones. This study takes the lead in advancing the theoretical understanding and empirical validation of security-related risks associated with IT innovations. Moreover, our findings serve as a timely reminder for research and practice to carefully consider the implications of introducing novel technologies into firms and the potential dark side consequences that may arise. Additionally, this study underscores the importance of understanding organizational learning in risk assessment and change management, as well as the critical role of contextual factors in moderating the unintended security-related consequences linked to IT innovations. [ABSTRACT FROM AUTHOR]

Published
2023
Full Text
View/download PDF

4. 基于扩散式差分隐私的联邦学习数据保护方法.

Author

雷靖鹏 and 任诚

Abstract

Copyright of Telecommunication Engineering is the property of Telecommunication Engineering and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published
2024
Full Text
View/download PDF

6. Securing data and preserving privacy in cloud IoT-based technologies an analysis of assessing threats and developing effective safeguard.

Author

Pathak, Mayank, Mishra, Kamta Nath, and Singh, Satya Prakash

Abstract

The Internet of Things (IoT) is a powerful technology adopted in various industries. Applications of the IoT aim to enhance automation, productivity, and user comfort in a cloud and distributive computing environment. Cloud computing automatically stores and analyzes the large amounts of data generated by IoT-based applications. Cloud computing has become a crucial component of the information age through easier data administration and storage. Currently, government agencies, commercial enterprises, and end users are rapidly migrating their data to cloud environments. This may require end-user authentication, greater safety, and data recovery in the event of an attack. A few issues were discovered by authors after analysis and assessments of various aspects of the published research papers. The research analysis reveals that the existing methods need to be further improved to address the contemporary dangers related to data security and privacy. Based on the research reports, it can be stated that safe end-to-end data transmission in a cloud-IoT environment requires modifications and advancements in the design of reliable protocols. Upcoming technologies like blockchain, machine learning, fog, and edge computing mitigate data over the cloud to some level. The study provides a thorough analysis of security threats including their categorization, and potential countermeasures to safeguard our cloud-IoT data. Additionally, the authors have summarized cutting-edge approaches like machine learning and blockchain technologies being used in the data security privacy areas. Further, this paper discusses the existing problems related to data privacy and security in the cloud-IoT environment in today’s world and their possible future directions. [ABSTRACT FROM AUTHOR]

Published
2024
Full Text
View/download PDF

7. How APIs Create Growth by Inverting the Firm.

Author

Benzell, Seth G., Hersh, Jonathan, and Van Alstyne, Marshall

Subjects
MARKET capitalization, DATA security failures, MARKET value, DIGITAL technology, BUSINESS ecosystems
Abstract

Traditional asset management strategy has emphasized building barriers to entry or closely guarding unique assets to maintain a firm's comparative advantage. A new "inverted firm" paradigm, however, has emerged. Under this strategy, firms share data seeking to become platforms by opening digital services to third parties and capturing part of their external surplus. This contrasts with a "pipeline" strategy where the firm itself creates value. This paper quantitatively estimates the effect of adopting an inverted firm strategy through the lens of application programming interfaces (APIs), a key enabling technology. Using both public data and those of a private API development firm, we document rapid growth of the API network and connecting apps since 2005. We then perform difference-in-difference and synthetic control analyses and find that public firms adopting public APIs grew an additional 38.7% over 16 years relative to similar nonadopters. We find no significant effect from the use of APIs purely for internal productivity: the pipeline strategy. Within the subset of firms that adopt public APIs, those that attract more third-party complementors and those that become more central to the network see faster growth. Using variation in network centrality caused by API degradation, an instrumental variables analysis confirms a causal role for APIs in firm market value. Finally, we document an important downside of public APIs: increased risk of data breach. Overall, these facts lead us to conclude that APIs have a large and positive impact on economic growth and do so primarily by enabling an inverted firm strategy. This paper was accepted by D. J. Wu, information systems. Funding: This work was partially supported by Mulesoft and Apigee Corporation. Supplemental Material: The data files and online appendix are available at https://doi.org/10.1287/mnsc.2023.4968. [ABSTRACT FROM AUTHOR]

Published
2024
Full Text
View/download PDF

9. Modelling user notification scenarios in privacy policies

Author

Mikhail Kuznetsov, Evgenia Novikova, and Igor Kotenko

Subjects
Privacy policy, Formal representation, Ontology, Personal data, Data processor obligation, Data breach, Computer engineering. Computer hardware, TK7885-7895, Electronic computers. Computer science, QA75.5-76.95
Abstract

Abstract The processing of personal data gives a rise to many privacy concerns, and one of them is to ensure the transparency of data processing to end users. Usually this information is communicated to them using privacy policies. In this paper, the problem of user notification in case of data breaches and policy changes is addressed, besides an ontology-based approach to model them is proposed. To specify the ontology concepts and properties, the requirements and recommendations for the legislative regulations as well as existing privacy policies are evaluated. A set of SPARQL queries to validate the correctness and completeness of the proposed ontology are developed. The proposed approach is applied to evaluate the privacy policies designed by cloud computing providers and IoT device manufacturers. The results of the analysis show that the transparency of user notification scenarios presented in the privacy policies is still very low, and the companies should reconsider the notification mechanisms and provide more detailed information in privacy policies.

Published
2024
Full Text
View/download PDF

10. Individual Differences in Psychological Stress Associated with Data Breach Experiences

Author

Christopher R. Sears and Daniel R. Cunningham

Subjects
data breach, psychology, stress, anxiety, digital security, Technology (General), T1-995
Abstract

Data breach incidents are now a regular occurrence, with millions of people affected worldwide. Few studies have examined the psychological aspects of data breach experiences, however, or the individual differences that influence how people react to these events. In this study, we examined the psychological stress associated with a personal experience with a data breach and several individual differences hypothesized to modulate such stress (age, gender, digital security awareness and expertise, trait anxiety, negative emotionality, and propensity to worry). A student sample (N = 166) and a community sample (N = 359) completed an online survey that asked participants to describe their most serious data breach and then complete the Impact of Events Scale—Revised (IES-R) to answer specific questions about the nature of the stress they experienced after the breach. Standard measures of trait anxiety, negative emotionality, and propensity to worry were also completed. A Data Breach Severity Index (DBSI) was created to quantify the invasiveness and consequences of each participant’s data breach. Hierarchical multiple regression analyses were used to identify demographic variables and psychological characteristics predictive of IES-R scores while controlling for DBSI scores. As expected, more invasive and consequential data breaches were associated with higher IES-R scores (greater data-breach-induced stress). Women had higher IES-R scores than men, and this difference persisted after controlling for gender differences in anxiety, negative emotionality, and propensity to worry. Greater daily social media use was associated with higher IES-R scores, whereas higher digital security expertise was associated with lower IES-R scores. The results illuminate several relationships between demographic and psychological characteristics and data-breach-induced stress that should be investigated further.

Published
2024
Full Text
View/download PDF

11. Utilizing computational methods for analysing media framing of organizational crises: The 'Datalek' scandal during the COVID‐19 pandemic in the Netherlands.

Author

Nguyen, Dennis, Nguyen, Sergül, Le, Phuong Hoan, Oomen, Tessa, and Wang, Yijing

Subjects
*LIFE cycles (Biology), *DATA security failures, *DATA transmission systems, *CONTENT analysis, *PUBLIC communication, *CRISIS communication
Abstract

Media framing of organizational crises is an important factor to consider in crisis communication since it can shape stakeholders' perceptions of organizations and discussions in the public sphere. This takes place in complex media ecologies where public communication happens at a large scale, both in the news and on social media. Here, computational methods offer new venues for analysing media framing in flux throughout the crisis life cycle. Especially methods for automated content analysis can quickly and efficiently reveal what media frames emerge in a crisis context and how they change over time across different channels and platforms. The present study showcases the benefits of such methodological approaches by critically exploring the example of the data breach at the national municipal health service in the Netherlands. Using computational methods for media frame analysis on news texts (N1 = 519) and social media postings (N2 = 2986), this article reconstructs how the incident was perceived throughout four crisis stages (build‐up, outbreak, chronic stage, termination). The article critically discusses the relevance of researching media framing empirically with emphasis on the benefits but also limitations of computational approaches. It concludes with some general pointers for crisis researchers interested in such methods as well as their implications for practitioners in the field. [ABSTRACT FROM AUTHOR]

Published
2024
Full Text
View/download PDF

12. Modelling user notification scenarios in privacy policies.

Author

Kuznetsov, Mikhail, Novikova, Evgenia, and Kotenko, Igor

Subjects
DATA privacy, DATA security failures, ELECTRONIC data processing, INFORMATION policy, CLOUD computing, PERSONALLY identifiable information
Abstract

The processing of personal data gives a rise to many privacy concerns, and one of them is to ensure the transparency of data processing to end users. Usually this information is communicated to them using privacy policies. In this paper, the problem of user notification in case of data breaches and policy changes is addressed, besides an ontology-based approach to model them is proposed. To specify the ontology concepts and properties, the requirements and recommendations for the legislative regulations as well as existing privacy policies are evaluated. A set of SPARQL queries to validate the correctness and completeness of the proposed ontology are developed. The proposed approach is applied to evaluate the privacy policies designed by cloud computing providers and IoT device manufacturers. The results of the analysis show that the transparency of user notification scenarios presented in the privacy policies is still very low, and the companies should reconsider the notification mechanisms and provide more detailed information in privacy policies. [ABSTRACT FROM AUTHOR]

Published
2024
Full Text
View/download PDF

13. Individual Differences in Psychological Stress Associated with Data Breach Experiences.

Author

Sears, Christopher R. and Cunningham, Daniel R.

Subjects
PSYCHOLOGICAL stress, INDIVIDUAL differences, DATA security failures, ANXIETY, MULTIPLE regression analysis
Abstract

Data breach incidents are now a regular occurrence, with millions of people affected worldwide. Few studies have examined the psychological aspects of data breach experiences, however, or the individual differences that influence how people react to these events. In this study, we examined the psychological stress associated with a personal experience with a data breach and several individual differences hypothesized to modulate such stress (age, gender, digital security awareness and expertise, trait anxiety, negative emotionality, and propensity to worry). A student sample (N = 166) and a community sample (N = 359) completed an online survey that asked participants to describe their most serious data breach and then complete the Impact of Events Scale—Revised (IES-R) to answer specific questions about the nature of the stress they experienced after the breach. Standard measures of trait anxiety, negative emotionality, and propensity to worry were also completed. A Data Breach Severity Index (DBSI) was created to quantify the invasiveness and consequences of each participant's data breach. Hierarchical multiple regression analyses were used to identify demographic variables and psychological characteristics predictive of IES-R scores while controlling for DBSI scores. As expected, more invasive and consequential data breaches were associated with higher IES-R scores (greater data-breach-induced stress). Women had higher IES-R scores than men, and this difference persisted after controlling for gender differences in anxiety, negative emotionality, and propensity to worry. Greater daily social media use was associated with higher IES-R scores, whereas higher digital security expertise was associated with lower IES-R scores. The results illuminate several relationships between demographic and psychological characteristics and data-breach-induced stress that should be investigated further. [ABSTRACT FROM AUTHOR]

Published
2024
Full Text
View/download PDF

14. Privacy Perceptions on Personal Data and Data Breaches in South Africa.

Author

Nyoni, Phillip, Velempini, Mthulisi, and Mavetera, Nehemiah

Subjects
DATA privacy, INTERNET content, DATA security failures, TECHNOLOGICAL risk assessment, AUTOMATIC systems in automobiles
Abstract

Research shows that data breaches often occur when organizations fail to protect users' personal data sufficiently well. Many devices are connected to the Internet such as mobile phones, smart cars, wearables and 'Things' which increase the number of potential entry points into data stores. This paper discusses the potential data privacy risks that users face online. The study used online content analysis and surveys to establish the privacy perceptions of users and trends of data breaches in South Africa. The findings reveal that users have a positive perception of data managers and view them as knowledgeable in data protection. Nevertheless, the results show that privacy risks do exist online, and the number of data breaches and abuses has increased over time. These breaches result in exposure and loss of personal data. The findings of this study are useful in developing strategies and policies to combat data breaches while improving security systems. [ABSTRACT FROM AUTHOR]

Published
2024

15. The Impact of the Type of Cybersecurity Assurance Service and Cybersecurity Incidents on Investor Perceptions and Decisions.

Author

Perols, Rebecca R.

Abstract

SUMMARY: Regulators, investors, and boards of directors are increasingly demanding information about organizations' cybersecurity risk management. I examine the effect of the AICPA's voluntary cybersecurity examination service on investor perceptions and decisions. Similar to a previous AICPA IT-related assurance service called WebTrust that failed in the marketplace, cybersecurity examinations face competition from less comprehensive and less costly assurance services in a nonstandardized assurance market, and it is unclear whether investors will recognize the value provided by the more comprehensive assurance service. I find that investors are more willing to invest when management disclosures describe a cybersecurity examination compared with a less comprehensive assurance service but only if the assurance is in response to a cybersecurity incident. I also find that this effect is mediated by investor perceptions of assurance quality. I, however, do not find support for these same effects when the assurance is disclosed in the absence of an incident. [ABSTRACT FROM AUTHOR]

Published
2024
Full Text
View/download PDF

16. XBRL reporting in firms with data breach incidents.

Author

Jiang, Wanying, Xu, Chunhao, and Counts, Roy Wayne

Subjects
DATA security failures, FINANCIAL market reaction, FINANCIAL statements
Abstract

The Securities and Exchange Commission (SEC) adopted new rules mandating that firms disclose cybersecurity incidents and risk management procedures for inline XBRL reporting, highlighting the regulator's concern about firms' response to data breaches. In this study, we examine whether firms use XBRL strategically to hinder external stakeholders from understanding the impact of announced data breaches. We find that firm XBRL filing complexity increases following data breaches. Further investigation suggests that the increased XBRL complexity is concentrated on financial statement note tags instead of financial statement tags. The findings imply that firms with data breach incidents are likely to increase XBRL reporting complexity to mitigate stock market reactions. We also find that analysts following moderate the relationship between the data breach and XBRL reporting timeliness. These findings provide empirical evidence about XBRL reporting changes after data breach incidents and contribute to cybersecurity literature and XBRL filing regulation. [ABSTRACT FROM AUTHOR]

Published
2024
Full Text
View/download PDF

17. WHERE IS IT IN INFORMATION SECURITY? THE INTERRELATIONSHIP AMONG IT INVESTMENT, SECURITY AWARENESS, AND DATA BREACHES.

Author

Li, Wilson Weixun, Leung, Alvin Chung Man, and Yue, Wei Thoo

Abstract

Data breaches can severely damage a firm’s reputation and its customers’ confidence. Firms must therefore continuously invest in security measures to prevent such breaches. However, the effectiveness of security investment has been questioned by both practitioners and academics. We illustrate the bidirectional dynamic relationship between information technology (IT) investment and data breaches moderated by threat and countermeasure security awareness using an eight-year panel of 311 U.S.-listed firms to provide empirical evidence that threat awareness broadens firms’ scope for addressing databreach issues by investing more in IT than in security. Countermeasure awareness equips firms with sufficient knowledge and experience to ensure effective implementation of IT, which provides more comprehensive protection than security investment alone. Our results suggest that firms should evolve beyond the reactive mindset of solely upgrading security and begin nurturing both threat awareness and countermeasure awareness to address the underlying IT system issues that are the cause of data breaches. [ABSTRACT FROM AUTHOR]

Published
2023
Full Text
View/download PDF

19. Scp-bp Framework: Situational Crime Prevention for Managing Data Breaches in Business Processes

Author

Miao, Cheng, Ho, Heemeng, Tsen, Elinor, Gilmour, John, Ko, Ryan K. L., Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Marrella, Andrea, editor, Resinas, Manuel, editor, Jans, Mieke, editor, and Rosemann, Michael, editor

Published
2024
Full Text
View/download PDF

20. Research on Data Security Protection of Power Grid Geographic Information

Author

Ma, Jing, Fan, Jinqiang, Chen, Hongyou, Miao, Han, Angrisani, Leopoldo, Series Editor, Arteaga, Marco, Series Editor, Chakraborty, Samarjit, Series Editor, Chen, Shanben, Series Editor, Chen, Tan Kay, Series Editor, Dillmann, Rüdiger, Series Editor, Duan, Haibin, Series Editor, Ferrari, Gianluigi, Series Editor, Ferre, Manuel, Series Editor, Jabbari, Faryar, Series Editor, Jia, Limin, Series Editor, Kacprzyk, Janusz, Series Editor, Khamis, Alaa, Series Editor, Kroeger, Torsten, Series Editor, Li, Yong, Series Editor, Liang, Qilian, Series Editor, Martín, Ferran, Series Editor, Ming, Tan Cher, Series Editor, Minker, Wolfgang, Series Editor, Misra, Pradeep, Series Editor, Mukhopadhyay, Subhas, Series Editor, Ning, Cun-Zheng, Series Editor, Nishida, Toyoaki, Series Editor, Oneto, Luca, Series Editor, Panigrahi, Bijaya Ketan, Series Editor, Pascucci, Federica, Series Editor, Qin, Yong, Series Editor, Seng, Gan Woon, Series Editor, Speidel, Joachim, Series Editor, Veiga, Germano, Series Editor, Wu, Haitao, Series Editor, Zamboni, Walter, Series Editor, Tan, Kay Chen, Series Editor, Chen, Zhe, editor, Yang, Wenming, editor, and Chen, Hao, editor

Published
2024
Full Text
View/download PDF

21. Security Vulnerabilities in Facebook Data Breach

Author

Hua, Jing, Wang, Ping, Kacprzyk, Janusz, Series Editor, Pal, Nikhil R., Advisory Editor, Bello Perez, Rafael, Advisory Editor, Corchado, Emilio S., Advisory Editor, Hagras, Hani, Advisory Editor, Kóczy, László T., Advisory Editor, Kreinovich, Vladik, Advisory Editor, Lin, Chin-Teng, Advisory Editor, Lu, Jie, Advisory Editor, Melin, Patricia, Advisory Editor, Nedjah, Nadia, Advisory Editor, Nguyen, Ngoc Thanh, Advisory Editor, Wang, Jun, Advisory Editor, and Latifi, Shahram, editor

Published
2024
Full Text
View/download PDF

23. Characterizing Privacy Risks in Healthcare IoT Systems

Author

Li, Shuai, Baiocco, Alessio, Xu, Shouhuai, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Prates, Raquel Oliveira, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Abie, Habtamu, editor, Gkioulos, Vasileios, editor, Katsikas, Sokratis, editor, and Pirbhulal, Sandeep, editor

Published
2024
Full Text
View/download PDF

24. Impact Versus Frequency on Cybersecurity Breach Trends in the Business and Medical Industry to Identify Human Error

Author

Kahanda, Galathara, Rider, Sasha, Mukhopadhyay, Sayantini, Masys, Anthony J., Editor-in-Chief, Bichler, Gisela, Advisory Editor, Bourlai, Thirimachos, Advisory Editor, Johnson, Chris, Advisory Editor, Karampelas, Panagiotis, Advisory Editor, Leuprecht, Christian, Advisory Editor, Morse, Edward C., Advisory Editor, Skillicorn, David, Advisory Editor, Yamagata, Yoshiki, Advisory Editor, and Jahankhani, Hamid, editor

Published
2024
Full Text
View/download PDF

27. Personal Information Leakage Threats and Suggestions for Improvement in China’s Epidemic Prevention and Control

Author

Chen, Tianshu, Striełkowski, Wadim, Editor-in-Chief, Black, Jessica M., Series Editor, Butterfield, Stephen A., Series Editor, Chang, Chi-Cheng, Series Editor, Cheng, Jiuqing, Series Editor, Dumanig, Francisco Perlas, Series Editor, Al-Mabuk, Radhi, Series Editor, Scheper-Hughes, Nancy, Series Editor, Urban, Mathias, Series Editor, Webb, Stephen, Series Editor, Chen, Youbin, editor, Khan, Intakhab Alam, editor, Shen, Chaoqun, editor, and Mishra, Deepanjali, editor

Published
2024
Full Text
View/download PDF

28. AN EMPIRICAL INVESTIGATION OF COMPANY RESPONSE TO DATA BREACHES.

Author

Nikkhah, Hamid Reza and Grover, Varun

Abstract

Companies may face serious adverse consequences as a result of a data breach event. To repair the potential damage to relationships with stakeholders after data breaches, companies adopt a variety of response strategies. However, the effects of these response strategies on the behavior of stakeholders after a data breach are unclear; differences in response times may also affect these outcomes, depending on the notification laws that apply to each company. As part of a multimethod study, we first identified the adopted response strategies in Study 1 based on content analysis of the response letters issued by publicly traded U.S. companies (n = 204) following data breaches; these strategies include any combination of the following: corrective action, apology, and compensation. We also found that breached companies may remain silent and adopt a “no action” strategy. In Studies 2 and 3, we examined the effects of various response strategies and response times on the predominant stakeholders affected by data breaches: customers and investors. In Study 2, we focused on customers and present a moderated-moderated-mediation model based on the expectancy violation theory. To test this model, we designed a factorial survey with 15 different conditions (n = 811). In Study 3, we focused on investors and conducted an event study (n = 166) to examine their reactions to company responses to data breaches. The results indicate the presence of moderating effects of certain response strategies; surprisingly, we did not find compensation to be more effective than apology. The magnitude of the moderating effects of response strategies is contingent upon response time. We also found that the negative effects of data breaches disappear after six months. We interpret the results and provide implications for research and practice. [ABSTRACT FROM AUTHOR]

Published
2022
Full Text
View/download PDF

29. Vendor selection in the wake of data breaches: A longitudinal study.

Author

Wang, Qian, Jiang, Shenyang, Ngai, Eric W. T., and Huo, Baofeng

Subjects
DATA security failures, INFORMATION technology security, MEDICAL records, ELECTRONIC health records, INFORMATION technology outsourcing
Abstract

With the increasing digitization and networking of medical data and personal health information, information security has become a critical factor in vendor selection. However, limited understanding exists regarding how information security influences vendor selection. Drawing from the attention‐based view (ABV), this study examines the potential impact of data breaches on hospitals' selection of electronic medical record system (EMRS) vendors. To test our hypotheses, we compile a unique dataset spanning 12 years of observations from US hospitals. Utilizing a coarsened exact matching (CEM) technique combined with a difference‐in‐differences (DiD) approach, our study shows that hospitals tend to replace their EMRS vendors after experiencing data breaches. Moreover, breached hospitals tend to prioritize information security in such a vendor replacement process by switching to star vendors and migrating towards a single‐sourcing configuration. Further post‐hoc analyses reveal that these impacts of data breaches are mitigated as the relationship between breached hospitals and vendors matures or when hospitals belong to large healthcare systems. Additionally, we find that the effects of data breaches are contingent on the scale of the breach and are short‐term in nature. This research underscores the significance of information security as a crucial consideration in vendor selection for both academia and practitioners. Highlights: We find that hospitals tend to change their electronic medical record system (EMRS) vendors following data breaches. During this replacement, they are more inclined to select star vendors and migrate towards a single‐sourcing configuration.We also find that the impacts of data breaches can be mitigated as the relationship between breached hospitals and vendors matures, or when hospitals are integrated into larger healthcare systems.Additionally, we find that the effects of data breaches are dependent on the scale of the breach and are typically short‐term in nature. [ABSTRACT FROM AUTHOR]

Published
2024
Full Text
View/download PDF

30. Impact, Compliance, and Countermeasures in Relation to Data Breaches in Publicly Traded U.S. Companies.

Author

Rodrigues, Gabriel Arquelau Pimenta, Serrano, André Luiz Marques, Vergara, Guilherme Fay, Albuquerque, Robson de Oliveira, and Nze, Georges Daniel Amvame

Subjects
DATA security failures, PUBLIC companies, DATA protection, STOCK prices, RIGHT of privacy
Abstract

A data breach is the unauthorized disclosure of sensitive personal data, and it impacts millions of individuals annually in the United States, as reported by Privacy Rights Clearinghouse. These breaches jeopardize the physical safety of the individuals whose data are exposed and result in substantial economic losses for the affected companies. To diminish the frequency and severity of data breaches in the future, it is imperative to research their causes and explore preventive measures. In pursuit of this goal, this study considers a dataset of data breach incidents affecting companies listed on the New York Stock Exchange and NASDAQ. This dataset has been augmented with additional information regarding the targeted company. This paper employs statistical visualizations of the data to clarify these incidents and assess their consequences on the affected companies and individuals whose data were compromised. We then propose mitigation controls based on established frameworks such as the NIST Cybersecurity Framework. Additionally, this paper reviews the compliance scenario by examining the relevant laws and regulations applicable to each case, including SOX, HIPAA, GLBA, and PCI-DSS, and evaluates the impacts of data breaches on stock market prices. We also review guidelines for appropriately responding to data leaks in the U.S., for compliance achievement and cost reduction. By conducting this analysis, this work aims to contribute to a comprehensive understanding of data breaches and empower organizations to safeguard against them proactively, improving the technical quality of their basic services. To our knowledge, this is the first paper to address compliance with data protection regulations, security controls as countermeasures, financial impacts on stock prices, and incident response strategies. Although the discussion is focused on publicly traded companies in the United States, it may also apply to public and private companies worldwide. [ABSTRACT FROM AUTHOR]

Published
2024
Full Text
View/download PDF

32. Using Blockchain to Secure Digital Identity and Privacy Across Digital Sectors.

Author

Gopal, Jaynill and Omeleze-Baror, Stacey

Abstract

In the digital age digital data has been seen as the new currency for both companies and bad actors, leading to mismanagement of personal data by both entities. This mismanagement could lead to personal data being breached while this may prove to be beneficial to certain entities, this however is not the case for users and digital citizens. In recent years there has been an influx in data breaches and data mismanagement cases throughout various industries, including corporations such as Apple and Facebook, involving critical data relating to user's digital identities, personal data, and other identifiable information. This issue may be addressed by employing the use of blockchain technology, a technology that has been recognized as a secure system promoting security and privacy, we can prevent this mismanagement of data and data breaches from happening. While blockchain is a relatively new technology, there is potential to use it in the current age of the internet and digital identities by employing blockchain technology to secure one's digital identity. This research aims to propose a potential solution to the issue of data protection and data breaches by proposing and making use of a conceptual model which makes use of a multi-level blockchain system. The system isolates data from digital identities between various digital platforms to minimize the amount of data breaches that may occur - further minimizing the amount of personal data which may be breached. This system allows the user to have full control over who may access their private data, while preventing bad actors from accessing the data without the user's authorization. The multi-level blockchain splits the user's data according to industrial or digital sector in which their data is used, with a master blockchain acting as the connecting link to a person's digital identity. Making use of this multi-level blockchain allows for the user to control who has access to their data, while remaining anonymous and secure in a digital platform's database or digital storage. [ABSTRACT FROM AUTHOR]

Published
2024
Full Text
View/download PDF

33. Assessing Data Breach Factors Through Modern Crime Theory: A Structural Equation Modeling Approach

Author

Narjisse Nejjari, Karim Zkik, Hicham Hammouchi, Mounir Ghogho, and Houda Benbrahim

Subjects
Information security breach, data breach, crime theory, covariance-based structural equation modeling, Electrical engineering. Electronics. Nuclear engineering, TK1-9971
Abstract

Research into data security often emphasizes the need to understand the factors linked to security breaches, aiming to prevent future information security incidents. The advancement of digital technology has made safeguarding an organization’s sensitive data more complex. Despite the growth of research in data security, there’s currently a shortage of studies that specifically investigate the factors contributing to information security breaches in organizations. Previous studies have primarily examined the security posture of companies and organizations, focusing on the breach type and location. However, few studies have explored external factors that may contribute to organizations’ vulnerability to information security breaches. The current study addresses this gap in the literature by integrating modern crime theory (MCT) to investigate the exogenous factors influencing the victimization of public and private organizations to data breach incidents. We use insights from crime theories and information about organizations’ technical, organizational, and financial aspects to investigate how attractiveness, visibility, and guardianship affect the likelihood of data breaches. We build a theoretical model to explore the relationship between these factors as independent predictors of data breaches. A covariance-based structural equation modeling (CB-SEM) based framework is developed to conduct a comprehensive examination of the dynamics within the context of cybercrime. Through the examination of collected data from 4,868 organizations, this study demonstrates a good fit of the hypothesized model to the data, supporting the validity of the proposed constructs. The results of this study validate the use of MCT in the study of information security breach, and enable the identification of the major exogenous factors influencing data breaches, such as the attractiveness of valuable data and effectiveness of guardianship measures.

Published
2024
Full Text
View/download PDF

34. THE OPM DATA BREACH: AN INVESTIGATION OF SHARED EMOTIONAL REACTIONS ON TWITTER.

Author

Bachura, Eric, Valecha, Rohit, Rui Chen, and Rao, H. Raghav

Abstract

This paper investigates the shared emotional responses of Twitter users in the aftermath of a massive data breach, a crisis event known as the Office of Personnel Management (OPM) data breach of 2015. This breach impacted the lives of several million individuals due to the exposure of sensitive and personally identifying information. We take a data exploration approach to analyzing over 18,000 tweet messages of the ensuing discussion that took place after public notification that the breach had occurred. The resulting analysis reveals that although the emotions of anxiety, anger, and sadness may initially appear erratic, at an aggregate level, the public display of these emotions corresponds to the situational awareness of the breach event. Further, our analysis finds that this relationship extends to the sharing of emotions, indicating that those participating in the conversation congregate around a sense of shared emotional experience. Finally, an in-depth analysis of the ensuing dialogue identifies the most salient conversational drivers of these emotions, revealing breach concepts most significantly related to each emotion. Based on the results, we present propositions that draw from this analysis to inform emotional response characteristics that emerge over the duration of such crisis events. The results of this study can inform organizational practices and policy making in the context of response to crisis events such as data breaches. [ABSTRACT FROM AUTHOR]

Published
2022
Full Text
View/download PDF

35. Edge Computing and IoT Data Breaches: Security, Privacy, Trust, and Regulation.

Author

Kolevski, David and Michael, Katina

Subjects
*INFORMATION technology, *TRUST, *SMART devices, *ELECTRONIC data processing, *EDGE computing, *INTERNET of things, *CLOUD computing, *CRYPTOGRAPHY
Abstract

Edge computing is an emerging computing paradigm representing decentralized and distributed information technology architecture. The demand for edge computing is primarily driven by the increased number of smart devices and the Internet of Things (IoT) that generate and transmit a substantial amount of data, that would otherwise be stored on cloud computing services. The edge architecture enables data and computation to be performed in close proximity to users and data sources and acts as the pathway toward upstream data centers. Rather than sending data to the cloud for processing, the analysis and work is done closer to where the source of the data is generated (). Edge services leverage local infrastructure resources allowing for reduced network latency, improved bandwidth utilization, and better energy efficiency compared to cloud computing. [ABSTRACT FROM AUTHOR]

Published
2024
Full Text
View/download PDF

36. Mitigating the consequences of electronic health record data breaches for patients and healthcare workers.

Author

Looi, Jeffrey C. L., Allison, Stephen, Bastiampillai, Tarun, Maguire, Paul A., Kisely, Steve, and Looi, Richard C. H.

Subjects
*IDENTITY theft -- Law & legislation, *DATA security failures, *SOCIAL support, *INFORMATION resources management, *GOVERNMENT regulation, *PATIENTS, *HEALTH Insurance Portability & Accountability Act, *LEGAL liability, *DATA security, *ELECTRONIC health records
Abstract

Electronic health records (EHRs) have been widely adopted in Australian public sector healthcare and will remain an ongoing, essential data system. However, recent substantial data breaches from hacked business data systems in Australian enterprises, as well as international healthcare providers, mean that EHR data breaches are increasingly likely in Australia. Risks include medical identity theft and extortion attempts based on threats to release sensitive patient information. Hacking is now a foreseeable additional risk of medical treatment. Risk mitigation for the consequences of data breaches needs to be considered, as well as support for patients (and families) and healthcare workers. This includes identity theft protection services, cybersecurity insurance, and psychological support. [ABSTRACT FROM AUTHOR]

Published
2024
Full Text
View/download PDF

37. Pepal: Penalizing multimedia breaches and partial leakages.

Author

Mangipudi, Easwar Vivek, Rao, Krutarth, Clark, Jeremy, and Kate, Aniket

Subjects
*LEAKAGE, *BLOCKCHAINS, *CRYPTOCURRENCIES, *WATERMARKS
Abstract

Storage of media files by users at a third party, like cloud services or escrows, is increasing every day along with the risk of stored files being leaked through breaches from third parties. In this article, we study the problem of handling either intentional or unintentional multimedia storage breaches by the entity hosting the data. To address the problem, we design the Pepal: protocol where the sender forwarding multimedia data to a receiver can penalize the receiver through loss of cryptocurrency even for partial data leakage. Pepal: achieves this by augmenting a blockchain on-chain smart contract between the two parties with an off-chain cryptographic protocol. The protocol involves a new primitive doubly oblivious transfer (DOT), which, when combined with robust watermarking and a claim-or-refund blockchain contract, provides the necessary framework for a provably secure protocol. Any public data leakage by the receiver leads to the sender learning the receiver's crypto-currency secret key, which allows him to transfer the claim-or-refund deposit of the receiver. The Pepal: protocol also ensures that the malicious sender cannot steal the deposit, even by leaking the original multimedia document in any form. We analyze our DOT-based design against partial adversarial leakages and show it to be robust against even small leakages. The prototype implementation of our Pepal: protocol shows our system to be efficient and easy to deploy in practice. [ABSTRACT FROM AUTHOR]

Published
2024
Full Text
View/download PDF

38. Understanding Data Breach from a Global Perspective: Incident Visualization and Data Protection Law Review.

Author

Pimenta Rodrigues, Gabriel Arquelau, Marques Serrano, André Luiz, Lopes Espiñeira Lemos, Amanda Nunes, Canedo, Edna Dias, Mendonça, Fábio Lúcio Lopes de, de Oliveira Albuquerque, Robson, Sandoval Orozco, Ana Lucila, and García Villalba, Luis Javier

Subjects
DATA protection laws, DATA security failures, LAW reviews, DATA visualization, DATA protection
Abstract

Data breaches result in data loss, including personal, health, and financial information that are crucial, sensitive, and private. The breach is a security incident in which personal and sensitive data are exposed to unauthorized individuals, with the potential to incur several privacy concerns. As an example, the French newspaper Le Figaro breached approximately 7.4 billion records that included full names, passwords, and e-mail and physical addresses. To reduce the likelihood and impact of such breaches, it is fundamental to strengthen the security efforts against this type of incident and, for that, it is first necessary to identify patterns of its occurrence, primarily related to the number of data records leaked, the affected geographical region, and its regulatory aspects. To advance the discussion in this regard, we study a dataset comprising 428 worldwide data breaches between 2018 and 2019, providing a visualization of the related statistics, such as the most affected countries, the predominant economic sector targeted in different countries, and the median number of records leaked per incident in different countries, regions, and sectors. We then discuss the data protection regulation in effect in each country comprised in the dataset, correlating key elements of the legislation with the statistical findings. As a result, we have identified an extensive disclosure of medical records in India and government data in Brazil in the time range. Based on the analysis and visualization, we find some interesting insights that researchers seldom focus on before, and it is apparent that the real dangers of data leaks are beyond the ordinary imagination. Finally, this paper contributes to the discussion regarding data protection laws and compliance regarding data breaches, supporting, for example, the decision process of data storage location in the cloud. [ABSTRACT FROM AUTHOR]

Published
2024
Full Text
View/download PDF

39. DEFEAT DATA BREACHERS' MINDS: BLOCKCHAIN WITH BOUNDED RATIONALITY TO ADVANCE INFORMATION SECURITY.

Author

Yuanxiang John Li, Ngugi, Benjamin K., and Lin, Frank M.

Subjects
BOUNDED rationality, BLOCKCHAINS, INFORMATION technology security, DIGITAL natives
Abstract

The fundamental design of contemporary security models leaves opportunities and incentives for hackers and insiders to breach a company's information assets due to the centralized control of the trusted third party (e.g., governments, banks, corporations). The mechanism of Blockchain has recognized this flaw as the central point of failure. This conceptual paper introduces Blockchain, the first native digital medium for securely transferring value over the Internet. It discusses how Blockchain, with bounded rationality, can undermine the motivations of breachers to secure information assets as information security research has switched from defending the products of hackers to hackers themselves. We reviewed the literature about Blockchain, bounded rationality, and information security to discuss how Blockchain can complement and improve current information security defense models, especially in preventing external hackers and reducing insider breaches. Our illustrations in the paper show that applications of Blockchain with current cybersecurity countermeasures can dramatically increase the complexity of compromising information assets and significantly advance information security. [ABSTRACT FROM AUTHOR]

Published
2024

40. Ordeal by innocence in the big‐data era: Intended data breach disclosure, unintended real activities manipulation.

Author

Liu, Jinyu and Ni, Xiaoran

Subjects
DATA security failures, DISCLOSURE laws, EARNINGS management, PRODUCTION management (Manufacturing), INTERNATIONAL Financial Reporting Standards, OPERATIONS management, PATENT law, CHIEF executive officers, BREACH of contract
Abstract

We demonstrate an unintended consequence of mandatory disclosure of data breaches: the distortion of firms' real business activities. Employing the staggered adoption of data breach disclosure laws across various US states, we show that mandatory disclosure exacerbates CEOs' real earnings manipulation through production and operation management, which is more pronounced for firms of which the outbreak of data breaches is more of a concern and under stronger short‐term market pressure. The law adoption is associated with higher stock price crash risk and fewer patenting activities. Our findings reveal side effects of certain customer‐protection regulations in view of dampened information quality. [ABSTRACT FROM AUTHOR]

Published
2024
Full Text
View/download PDF

41. Cybersecurity Risk and Audit Pricing—A Machine Learning-Based Analysis.

Author

Jiang, Wanying

Subjects
INFORMATION technology, MACHINE learning, INTERNET security, PRICES, DATA security failures, INTERNET security laws, DISCLOSURE, BOTTLENECKS (Manufacturing)
Abstract

Cybersecurity risk represents a growing business threat. However, little attention has been paid to its assessment. This study proposes a machine learning algorithm that considers firm cybersecurity risk disclosure, information technology governance, external monitoring by financial analysts and auditors, and general firm characteristics to estimate cybersecurity risk (i.e., the likelihood of a firm experiencing data breaches during a year). This measure outperforms the measure produced by logistic regression models, is higher in industries more prone to cyberattacks, and effectively predicts future data breaches and firm use of cybersecurity insurance policies. I also examine whether auditors consider firm cybersecurity risk in the engagement planning process, finding that, on average, a one-percentage-point increase in cybersecurity risk is associated with a 1.15 percent increase in audit fees. In addition, auditors charge a fee premium after a data breach only if the client has heightened cybersecurity risk. Data Availability: Data are available from the public sources cited in the text. [ABSTRACT FROM AUTHOR]

Published
2024
Full Text
View/download PDF

43. Australia’s Notifiable Data Breach Scheme: An Analysis of Risk Management Findings for Healthcare

Author

Dart, Martin, Ahmed, Mohiuddin, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Li, Yan, editor, Huang, Zhisheng, editor, Sharma, Manik, editor, Chen, Lu, editor, and Zhou, Rui, editor

Published
2023
Full Text
View/download PDF

44. Cyber Crime Undermines Data Privacy Efforts – On the Balance Between Data Privacy and Security

Author

Mundt, Michael, Baier, Harald, Akan, Ozgur, Editorial Board Member, Bellavista, Paolo, Editorial Board Member, Cao, Jiannong, Editorial Board Member, Coulson, Geoffrey, Editorial Board Member, Dressler, Falko, Editorial Board Member, Ferrari, Domenico, Editorial Board Member, Gerla, Mario, Editorial Board Member, Kobayashi, Hisashi, Editorial Board Member, Palazzo, Sergio, Editorial Board Member, Sahni, Sartaj, Editorial Board Member, Shen, Xuemin, Editorial Board Member, Stan, Mircea, Editorial Board Member, Jia, Xiaohua, Editorial Board Member, Zomaya, Albert Y., Editorial Board Member, Goel, Sanjay, editor, Gladyshev, Pavel, editor, Nikolay, Akatyev, editor, Markowsky, George, editor, and Johnson, Daryl, editor

Published
2023
Full Text
View/download PDF

46. A Systematic Literature Review on Information Security Leakage: Evaluating Security Threat

Author

Ebadinezhad, Sahar, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Shakya, Subarna, editor, Balas, Valentina Emilia, editor, and Haoxiang, Wang, editor

Published
2023
Full Text
View/download PDF

48. An Analysis of Cybersecurity Data Breach in the State of California

Author

Bey, Zakaria Tayeb, Agyeman, Michael Opoku, Masys, Anthony J., Editor-in-Chief, Bichler, Gisela, Advisory Editor, Bourlai, Thirimachos, Advisory Editor, Johnson, Chris, Advisory Editor, Karampelas, Panagiotis, Advisory Editor, Leuprecht, Christian, Advisory Editor, Morse, Edward C., Advisory Editor, Skillicorn, David, Advisory Editor, Yamagata, Yoshiki, Advisory Editor, and Jahankhani, Hamid, editor

Published
2023
Full Text
View/download PDF

49. Mapping of data breaches in companies listed on the NYSE and NASDAQ: Insights and implications

Author

Gabriel Arquelau Pimenta Rodrigues, André Luiz Marques Serrano, Robson de Oliveira Albuquerque, Gabriela Mayumi Saiki, Sara Santedicola Ribeiro, Ana Lucila Sandoval Orozco, and Luis Javier García Villalba

Subjects
Cybersecurity, Data analysis, Data breach, Privacy, Statistics, Technology
Abstract

The Internet of Things, Smart Devices, Information Systems, and Cloud Services have led to a digital transformation of companies. Such revolution has been accompanied by a huge amount of data available for companies, posing the growing challenge of data breaches. However, data breaches are not just a concern and complication for security experts; they also affect clients, stakeholders, organizations, and businesses, as stated by the Privacy Rights Clearinghouse. Thus, this study provides insights into data breaches faced by companies listed on the New York Stock Exchange and NASDAQ. The study found that hacking/IT incidents are the forms of attack with greater impact in data breaches, followed by unauthorized internal disclosures. The frequency of data breaches, the magnitude of exposed records, and financial losses due to breached records are increasing rapidly. Data from the companies listed on the stock exchange is regarded as being highly valuable. This has become a significant lure for the misappropriation and pilferage of data. Addressing this anomaly, the paper employs statistical visualizations of the data to shed light on these incidents and assess their consequences on the affected companies and individuals whose data was compromised. This work aims to contribute to a comprehensive understanding of data breaches and empower organizations to safeguard against them proactively by conducting this multifaceted analysis, and also provides a brief qualitative risk assessment regarding the attack vectors.

Published
2024
Full Text
View/download PDF

Catalog

Books, media, physical & digital resources
See catalog results