Get 20M+ Full-Text Papers For Less Than $1.50/day. Start a 14-Day Trial for You or Your Team.

Learn More →

A longitudinal analysis of data breaches

A longitudinal analysis of data breaches Purpose – The purpose of this research is to provide companies and consumers with information about the potential connections between data breach types and institutions. This study also aims to add to the body of knowledge about data breaches. Design/methodology/approach – This study analyzes a chronology of five years of data breaches. The data were classified and analyzed by breach and institution type, record size, and state. Multiple statistical tests were performed. Findings – Breach types stolen and exposed are statistically more likely to occur. Educational institutions are more likely to have a breach and it is more probable that educational breaches will be of type hacker or exposed. The proportion of insider incidents is smaller than the other breach types. The number of records breached is independent of institution and breach type. Research limitations/implications – Only those breaches with a specified number of records are included. The information used may have been updated after our analysis, usually a change in the number of records identified. Practical implications – Additional knowledge about characteristics of data breaches and the relationship between breach types and institution types will enable both businesses and consumers to be more effective in protecting sensitive information. Businesses will be able to create security budgets based on risk factors and consumers will be more aware of the risks of providing sensitive information. Originality/value – This study provides a longitudinal analysis covering five years of data breaches and analyzes the relationship between five breach types and six types of institutions. http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png Information Management & Computer Security Emerald Publishing

A longitudinal analysis of data breaches

Download PDF
15 pages

Loading next page...
 
/lp/emerald-publishing/a-longitudinal-analysis-of-data-breaches-XcVUl0hYcZ
Publisher
Emerald Publishing
Copyright
Copyright © 2011 Emerald Group Publishing Limited. All rights reserved.
ISSN
0968-5227
DOI
10.1108/09685221111173049
Publisher site
See Article on Publisher Site

Abstract

Purpose – The purpose of this research is to provide companies and consumers with information about the potential connections between data breach types and institutions. This study also aims to add to the body of knowledge about data breaches. Design/methodology/approach – This study analyzes a chronology of five years of data breaches. The data were classified and analyzed by breach and institution type, record size, and state. Multiple statistical tests were performed. Findings – Breach types stolen and exposed are statistically more likely to occur. Educational institutions are more likely to have a breach and it is more probable that educational breaches will be of type hacker or exposed. The proportion of insider incidents is smaller than the other breach types. The number of records breached is independent of institution and breach type. Research limitations/implications – Only those breaches with a specified number of records are included. The information used may have been updated after our analysis, usually a change in the number of records identified. Practical implications – Additional knowledge about characteristics of data breaches and the relationship between breach types and institution types will enable both businesses and consumers to be more effective in protecting sensitive information. Businesses will be able to create security budgets based on risk factors and consumers will be more aware of the risks of providing sensitive information. Originality/value – This study provides a longitudinal analysis covering five years of data breaches and analyzes the relationship between five breach types and six types of institutions.

Journal

Information Management & Computer SecurityEmerald Publishing

Published: Oct 11, 2011

Keywords: Data breach; Identity theft; Computer security; Data security; Personally identifiable information; Security breach; Computer crime

References

  • 2009 Data Breach Investigations Report
    Baker, W.; Hutton, A.; Hylender, C.; Novak, C.; Porter, C.; Sartin, B.; Tippett, P.; Valentine, J.
  • Information systems security from a knowledge management perspective
    Belsis, P.; Kokolakis, S.; Kiountouzis, E.
  • Governing for Enterprise Security
    CERT
  • Knowing is doing: an empirical validation of the relationship between managerial information security awareness and action
    Choi, N.; Kim, D.; Goo, J.; Whitmore, A.
  • Using science to combat data loss: analyzing breaches by type and industry
    Curtin, M.; Ayres, L.
  • Fiscal Year 2011 Congressional Budget Justification Summary
    FTC
  • Consumer Sentinel Network Data Book January – December 2009
    FTC
  • Sec: Best practices lost or stolen data: minimizing fallout
    Granade, P.
  • Information systems security issues and decisions for small businesses: an empirical examination
    Guptan, A.; Hammond, R.
  • Data breaches, malware attacks on rise
    Information Management Journal
  • ITRC Reports 2009 Data Breaches
    Information Management Journal
  • Data breaches
    ITRC
  • 2009 Data Breach Stats
    ITRC
  • Lessons learned from university data breaches
    Ncube, C.; Garrison, C.
  • OSF Data Loss – Reports
    Open Security Foundation
  • Data Loss Statistics
    Open Security Foundation
  • Congress debates data breach legislation
    Pike, G.
  • About the Privacy Rights Clearinghouse
    PRC
  • A Chronology of Data Breaches
    PRC
  • Are There State‐specific Breach Listings?
    PRC
  • Are data breach headlines steering you down the wrong security path?
    Security Director's Report
  • The 2010 Identity Fraud Survey Report
    Vamosi, R.; Monahan, M.; Kim, R.