Get 20M+ Full-Text Papers For Less Than $1.50/day. Start a 14-Day Trial for You or Your Team.

Learn More →

A longitudinal analysis of data breaches

A longitudinal analysis of data breaches Purpose – The purpose of this research is to provide companies and consumers with information about the potential connections between data breach types and institutions. This study also aims to add to the body of knowledge about data breaches. Design/methodology/approach – This study analyzes a chronology of five years of data breaches. The data were classified and analyzed by breach and institution type, record size, and state. Multiple statistical tests were performed. Findings – Breach types stolen and exposed are statistically more likely to occur. Educational institutions are more likely to have a breach and it is more probable that educational breaches will be of type hacker or exposed. The proportion of insider incidents is smaller than the other breach types. The number of records breached is independent of institution and breach type. Research limitations/implications – Only those breaches with a specified number of records are included. The information used may have been updated after our analysis, usually a change in the number of records identified. Practical implications – Additional knowledge about characteristics of data breaches and the relationship between breach types and institution types will enable both businesses and consumers to be more effective in protecting sensitive information. Businesses will be able to create security budgets based on risk factors and consumers will be more aware of the risks of providing sensitive information. Originality/value – This study provides a longitudinal analysis covering five years of data breaches and analyzes the relationship between five breach types and six types of institutions. http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png Information Management & Computer Security Emerald Publishing

A longitudinal analysis of data breaches

Loading next page...
 
/lp/emerald-publishing/a-longitudinal-analysis-of-data-breaches-XcVUl0hYcZ

References (28)

Publisher
Emerald Publishing
Copyright
Copyright © 2011 Emerald Group Publishing Limited. All rights reserved.
ISSN
0968-5227
DOI
10.1108/09685221111173049
Publisher site
See Article on Publisher Site

Abstract

Purpose – The purpose of this research is to provide companies and consumers with information about the potential connections between data breach types and institutions. This study also aims to add to the body of knowledge about data breaches. Design/methodology/approach – This study analyzes a chronology of five years of data breaches. The data were classified and analyzed by breach and institution type, record size, and state. Multiple statistical tests were performed. Findings – Breach types stolen and exposed are statistically more likely to occur. Educational institutions are more likely to have a breach and it is more probable that educational breaches will be of type hacker or exposed. The proportion of insider incidents is smaller than the other breach types. The number of records breached is independent of institution and breach type. Research limitations/implications – Only those breaches with a specified number of records are included. The information used may have been updated after our analysis, usually a change in the number of records identified. Practical implications – Additional knowledge about characteristics of data breaches and the relationship between breach types and institution types will enable both businesses and consumers to be more effective in protecting sensitive information. Businesses will be able to create security budgets based on risk factors and consumers will be more aware of the risks of providing sensitive information. Originality/value – This study provides a longitudinal analysis covering five years of data breaches and analyzes the relationship between five breach types and six types of institutions.

Journal

Information Management & Computer SecurityEmerald Publishing

Published: Oct 11, 2011

Keywords: Data breach; Identity theft; Computer security; Data security; Personally identifiable information; Security breach; Computer crime

There are no references for this article.