Kholekile L. Gwebu,Jing Wang,Wenjuan Xie

2014-01-01

Abstract:To estimate the cost of a data breach to the inflicted firm, this study examines the relationship between a breach incident and changes in the inflicted firm’s profitability, perceived risk, and the inflicted firms’ information environment transparency. Profitability is measured as reported earnings and analysts’ earnings forecasts. Perceived risk is measured as reported stock return volatility and dispersion among analysts’ forecasts. Although a number of studies have investigated the stock market reaction surrounding the disclosure of a breach incident to quantify the cost associated with breaches, we argue that there exists information uncertainty and deficiency in the disclosure of the breach incident and stock market reaction surrounding a security breach announcement date may not be the best measure for the cost of security breaches. And research using other complementary measures is warranted. Our preliminary finding suggests that data breaches negatively impact firm profitability, perceived risk and information transparency. Nevertheless, the damage of a breach most likely stems from direct costs such as compensation and litigation costs rather than indirect costs such as tarnished reputation and a decrease in market share and sales. More sophisticated analysts are also found to add value in estimating the real cost of a security breach.

Shuili Du,Kholekile L. Gwebu,Jing Wang,Kun Yu

DOI: https://doi.org/10.17705/1cais.05414

2024-01-01

Communications of the Association for Information Systems

Abstract:This paper aims to identify breach- and firm-level characteristics that may account for the heterogenous stock market reaction to data breaches. Drawing upon the screening theory, this paper examines the possibility of three breach characteristics (breach severity, breach locus, and breach controllability) and two firm attributes (CEO stock ownership, and corporate social responsibility (CSR) performance) serving as information screens to influence stock market reaction to a data breach incident. Using an archival dataset compiled from multiple sources, we examine 607 data breaches from 2004 to 2018 and find that the stock market reacts more negatively if a breach is more severe (i.e., involving more data records and financially sensitive consumer data), controllable (i.e., could have been prevented), and if the breached firm has weak corporate governance, as indicated by low CEO stock ownership. Furthermore, CSR provides “insurance-like” protection by attenuating the negative effects of breach severity, breach controllability, and poor corporate governance on firm value. The findings of this research highlight the relevance of screening theory as a theoretical lens for examining the contextual dependence of stock market reaction to data breaches on key breach- and firm-level characteristics.

Kholekile L. Gwebu,Jing Wang,Li Wang

DOI: https://doi.org/10.1080/07421222.2018.1451962

IF: 7.582

2018-01-01

Journal of Management Information Systems

Abstract:Despite the significant financial losses associated with data breaches, little is known about the (in)effectiveness of the tools that firms have to protect their value following a breach. Drawing on cognitive dissonance theory and the research on cue diagnosticity and crisis management, this study examines the relative efficacy of firm reputation and a range of post-breach response strategies. The results indicate that firm reputation is an important asset in protecting firm value. However, only certain response strategies are found to mitigate the negative financial impact of a breach on lower-reputation firms, and response strategies are found to matter less for high-reputation firms. These findings offer practitioners evidence-based guidance for protecting firm value following data breaches and underscore the need for developing more nuanced strategies for managing breaches. The theoretical arguments developed here serve as a conceptual base for examining the efficacy of various data breach response strategies.

Maochao Xu,Quynh Nhu Nguyen

DOI: https://doi.org/10.30707/etd2022.20220705065053152241.999976

2022-01-01

Abstract:It is very challenging to predict the cost of a cyber incident owing to the complexnature of cyber risk. However, it is inevitable for insurance companies to offer cyber insurance policies. The time to identifying an incident and the time to noticing the affected individuals are two important components in determining the cost of a cyber incident. In this work, we initialize the study on those two metrics via statistical modeling approaches. We propose a novel approach to imputing the missing data, and further develop a dependence model to capture the complex pattern exhibited by those two metrics. The empirical study shows that the proposed approach has a satisfactory predictive performance and is superior to other commonly used models.

Svetlana Abramova,Rainer Böhme

2023-08-01

Abstract:Media reports show an alarming increase of data breaches at providers of cybersecurity products and services. Since the exposed records may reveal security-relevant data, such incidents cause undue burden and create the risk of re-victimization to individuals whose personal data gets exposed. In pursuit of examining a broad spectrum of the downstream effects on victims, we surveyed 104 persons who purchased specialized devices for the secure storage of crypto-assets and later fell victim to a breach of customer data. Our case study reveals common nuisances (i.e., spam, scams, phishing e-mails) as well as previously unseen attack vectors (e.g., involving tampered devices), which are possibly tied to the breach. A few victims report losses of digital assets as a form of the harm. We find that our participants exhibit heightened safety concerns, appear skeptical about litigation efforts, and demonstrate the ability to differentiate between the quality of the security product and the circumstances of the breach. We derive implications for the cybersecurity industry at large, and point out methodological challenges in data breach research.

Cryptography and Security

Danuvasin Charoen,Warut Khern-am-nuai

DOI: https://doi.org/10.1108/dprg-02-2024-0033

2024-07-03

Digital Policy Regulation and Governance

Abstract:Purpose The detrimental impact of data breaches on organizations and their customers has been well documented in the literature. These breaches expose sensitive information, raising concerns about reputational damage and substantial financial losses for affected firms. Prior research has consistently demonstrated the significant financial repercussions of data breach disclosures, with a significant decline in the market value of breached firms following the incident's revelation. However, recent literature has documented the shift in consumer perception toward data breaches, warranting a revisit of this important and relevant issue with more recent data. This study aims to revisit the cost of data breach disclosures by empirically analyzing the impact of recent data breach incidents on the market value of affected firms. Design/methodology/approach The authors collect the data regarding data breach incidents among publicly traded companies in the USA listed in the S&P 500 index from 2013 to 2021. The empirical analysis relies on the event study approach, and the market value of each firm is estimated using the Fama-French three-factor model. Findings This study finds that the negative market reaction to data breach announcements in recent years has been significantly weaker than those reported in prior works from the past decade. This result confirms the shift in consumer perception toward data breaches in the market. Originality/value While prior research has quantified the cost of data breach disclosures, the authors posit that a renewed examination is essential within the contemporary digital environment. Consumer behavior and market sentiment have undergone significant transformations in recent years, necessitating a revisit of this important issue with updated data. This study not only documents this evolving phenomenon but also yields crucial policy recommendations. Notably, it challenges the conventional wisdom to rely on market forces as an adequate deterrent against data breaches. Consequently, updated regulations may be necessary to effectively navigate the complexities of the evolving digital landscape.

English Else

Hong Sun,Maochao Xu,Peng Zhao

DOI: https://doi.org/10.1214/22-aoas1625

2023-01-01

The Annals of Applied Statistics

Abstract:Data breaches in healthcare have become a substantial concern in recent years, and cause millions of dollars in financial losses each year. It is fundamental for government regulators, insurance companies, and stakeholders to understand the breach frequency and the number of affected individuals in each state, as these are directly related to the federal Health Insurance Portability and Accountability Act (HIPAA) and state data breach laws. However, an obstacle to studying data breaches in healthcare is the lack of suitable statistical approaches. We develop a novel multivariate frequency-severity framework to analyze breach frequency and the number of affected individuals at the state level. A mixed effects model is developed to model the square root transformed frequency, and the log-gamma distribution is proposed to capture the skewness and heavy tail exhibited by the distribution of numbers of affected individuals. We further discover a positive nonlinear dependence between the transformed frequency and the log-transformed numbers of affected individuals (i.e., severity). In particular, we propose to use a D-vine copula to capture the multivariate dependence among conditional severities given frequencies due to its inherent temporal structure and rich bivariate copula families. The rejection sampling technique is developed to simulate the predictive distributions. Both the in-sample and out-of-sample studies show that the proposed multivariate frequency-severity model that accommodates non-linear dependence has satisfactory fitting and prediction performances.

Maochao Xu,Kristin M. Schweitzer,Raymond M. Bateman,Shouhuai Xu

DOI: https://doi.org/10.1109/tifs.2018.2834227

IF: 7.231

2018-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Analyzing cyber incident data sets is an important method for deepening our understanding of the evolution of the threat situation. This is a relatively new research topic, and many studies remain to be done. In this paper, we report a statistical analysis of a breach incident data set corresponding to 12 years (2005-2017) of cyber hacking activities that include malware attacks. We show that, in contrast to the findings reported in the literature, both hacking breach incident inter-arrival times and breach sizes should be modeled by stochastic processes, rather than by distributions because they exhibit autocorrelations. Then, we propose particular stochastic process models to, respectively, fit the inter-arrival times and the breach sizes. We also show that these models can predict the inter-arrival times and the breach sizes. In order to get deeper insights into the evolution of hacking breach incidents, we conduct both qualitative and quantitative trend analyses on the data set. We draw a set of cybersecurity insights, including that the threat of cyber hacks is indeed getting worse in terms of their frequency, but not in terms of the magnitude of their damage.

Hong Sun,Maochao Xu,Peng Zhao

DOI: https://doi.org/10.1080/10920277.2020.1752255

2021-01-01

North American Actuarial Journal

Abstract:Malicious hacking data breaches cause millions of dollars in financial losses each year, and more companies are seeking cyber insurance coverage. The lack of suitable statistical approaches for scoring breach risks is an obstacle in the insurance industry. We propose a novel frequency–severity model to analyze hacking breach risks at the individual company level, which would be valuable for underwriting purposes. We find that breach frequency can be modeled by a hurdle Poisson model, which is different from the negative binomial model used in the literature. The breach severity shows a heavy tail that can be captured by a nonparametric- generalized Pareto distribution model. We further discover a positive nonlinear dependence between frequency and severity, which our model also accommodates. Both the in-sample and out-of-sample studies show that the proposed frequency–severity model that accommodates nonlinear dependence has satisfactory performance and is superior to the other models, including the independence frequency–severity and Tweedie models.

Diane Dolezel,Brad Beauvais,Paula Stigler Granados,Lawrence Fulton,Clemens Scott Kruse

DOI: https://doi.org/10.2196/51471

2023-12-21

Abstract:Background: Health care data breaches are the most rapidly increasing type of cybercrime; however, the predictors of health care data breaches are uncertain. Objective: This quantitative study aims to develop a predictive model to explain the number of hospital data breaches at the county level. Methods: This study evaluated data consolidated at the county level from 1032 short-term acute care hospitals. We considered the association between data breach occurrence (a dichotomous variable), predictors based on county demographics, and socioeconomics, average hospital workload, facility type, and average performance on several hospital financial metrics using 3 model types: logistic regression, perceptron, and support vector machine. Results: The model coefficient performance metrics indicated convergent validity across the 3 model types for all variables except bad debt and the factor level accounting for counties with >20% and up to 40% Hispanic populations, both of which had mixed coefficient directionality. The support vector machine model performed the classification task best based on all metrics (accuracy, precision, recall, F1-score). All the 3 models performed the classification task well with directional congruence of weights. From the logistic regression model, the top 5 odds ratios (indicating a higher risk of breach) included inpatient workload, medical center status, pediatric trauma center status, accounts receivable, and the number of outpatient visits, in high to low order. The bottom 5 odds ratios (indicating the lowest odds of experiencing a data breach) occurred for counties with Black populations of >20% and <40%, >80% and <100%, and >40% but <60%, as well as counties with ≤20% Asian or between 80% and 100% Hispanic individuals. Our results are in line with those of other studies that determined that patient workload, facility type, and financial outcomes were associated with the likelihood of health care data breach occurrence. Conclusions: The results of this study provide a predictive model for health care data breaches that may guide health care managers to reduce the risk of data breaches by raising awareness of the risk factors.

Shizhen Bai,Jinjin Zheng,Wenya Wu,Dongrui Gao,Xiujin Gu

DOI: https://doi.org/10.3389/fpubh.2024.1438579

IF: 5.2

2024-11-07

Frontiers in Public Health

Abstract:Background: Within China's healthcare landscape, the sharing of medical data has emerged as a pivotal force propelling advancements in the insurance sector and enhancing patient engagement with healthcare services. However, medical institutions often exhibit reluctance toward data sharing due to apprehensions regarding data security and privacy safeguards. To navigate this conundrum, our research introduces and empirically validates a model grounded in evolutionary game theory, offering a robust theoretical framework and actionable strategies for facilitating healthcare data sharing while harmonizing the dual imperatives of data utility and privacy preservation. Methods: In this paper, we construct an evolutionary game model involving medical institutions, big data innovation platforms, and insurance companies within the context of digital platforms. The model integrates exogenous causes of data breaches, endogenous causes of data breaches, compensation payments, government penalties, subsidies, unreasonable fees, claims efficiency, and insurance fraud. Results: The stability analysis of the evolutionary game identifies eight equilibrium points among medical institutions, platforms, and insurance companies. Numerical simulations demonstrate convergence toward strategy E 7 = (0, 0, 1), suggesting a trend for medical institutions to adopt a fully anonymous information-sharing strategy, platforms to implement strict regulation, and insurance companies to opt for an auditing approach. Sensitivity analysis reveals that the parameters selected in this study significantly influence the players' behavioral choices and the game's equilibria. Conclusions: When breaches occur, medical institutions tend to seek co-sharing between platforms and insurance companies. This promotes enhanced regulation by platforms and incentivizes insurance companies to perform audits. If the responsibility for the breach is attributed to the platform or the insurance company, the liability sharing system will push healthcare organizations to choose a fully anonymous information sharing strategy. Otherwise, medical institutions will choose partially anonymous information sharing for more benefits. In case of widespread data leakage, the amount of compensation shall augment, and the role of compensation shall replace the role of government supervision. Then, the government shall penalize them, which shall reduce the motivation of each subject.

public, environmental & occupational health

Qian Wang,Shenyang Jiang,Eric W. T. Ngai,Baofeng Huo

DOI: https://doi.org/10.1002/joom.1294

IF: 6.72

2024-01-01

Journal of Operations Management

Abstract:With the increasing digitization and networking of medical data and personal health information, information security has become a critical factor in vendor selection. However, limited understanding exists regarding how information security influences vendor selection. Drawing from the attention-based view (ABV), this study examines the potential impact of data breaches on hospitals' selection of electronic medical record system (EMRS) vendors. To test our hypotheses, we compile a unique dataset spanning 12 years of observations from US hospitals. Utilizing a coarsened exact matching (CEM) technique combined with a difference-in-differences (DiD) approach, our study shows that hospitals tend to replace their EMRS vendors after experiencing data breaches. Moreover, breached hospitals tend to prioritize information security in such a vendor replacement process by switching to star vendors and migrating towards a single-sourcing configuration. Further post-hoc analyses reveal that these impacts of data breaches are mitigated as the relationship between breached hospitals and vendors matures or when hospitals belong to large healthcare systems. Additionally, we find that the effects of data breaches are contingent on the scale of the breach and are short-term in nature. This research underscores the significance of information security as a crucial consideration in vendor selection for both academia and practitioners. We find that hospitals tend to change their electronic medical record system (EMRS) vendors following data breaches. During this replacement, they are more inclined to select star vendors and migrate towards a single-sourcing configuration. We also find that the impacts of data breaches can be mitigated as the relationship between breached hospitals and vendors matures, or when hospitals are integrated into larger healthcare systems. Additionally, we find that the effects of data breaches are dependent on the scale of the breach and are typically short-term in nature.

Sruti Bhagavatula,Lujo Bauer,Apu Kapadia

DOI: https://doi.org/10.48550/arXiv.2010.09843

2021-05-28

Abstract:Awareness about security and privacy risks is important for developing good security habits. Learning about real-world security incidents and data breaches can alert people to the ways in which their information is vulnerable online, thus playing a significant role in encouraging safe security behavior. This paper examines 1) how often people read about security incidents online, 2) of those people, whether and to what extent they follow up with an action, e.g., by trying to read more about the incident, and 3) what influences the likelihood that they will read about an incident and take some action. We study this by quantitatively examining real-world internet-browsing data from 303 participants. Our findings present a bleak view of awareness of security incidents. Only 16% of participants visited any web pages related to six widely publicized large-scale security incidents; few read about one even when an incident was likely to have affected them (e.g., the Equifax breach almost universally affected people with Equifax credit reports). We further found that more severe incidents as well as articles that constructively spoke about the incident inspired more action. We conclude with recommendations for specific future research and for enabling useful security incident information to reach more people.

Cryptography and Security,Computers and Society

Jingxin Lei,Ying MacNab

DOI: https://doi.org/10.1016/j.sste.2024.100658

Abstract:The gap between the reported and actual COVID-19 infection cases has been an issue of concern. Here, we present Bayesian hierarchical spatiotemporal disease mapping models for state-level predictions of COVID-19 infection risks and (under)reporting rates among people aged 65 and above during the first two years of the pandemic in the United States. With prior elicitation based on recent prevalence studies, the study suggests that the median state-level reporting rate of COVID-19 infection was 90% (interquartile range: [78%, 96%]). Our study uncovers spatiotemporal variations and dynamics in state-level infection risks and (under)reporting rates, suggesting time-varying associations between higher population density, higher percentage of minorities, and higher percentage of vaccination and increased risks of COVID-19 infection, as well as an association between more easily accessible tests and higher reporting rates. With sensitivity analyses, we highlight the impact and importance of incorporating covariates information and objective prior references for evaluating the issue of underreporting.

Murat Ozer,Yasin Kose,Mehmet Bastug,Goksel Kucukkaya,Eva Ruhsar Varlioglu

2024-04-07

Abstract:This study examines the impact of the COVID-19 pandemic on cybersecurity and data breaches, with a specific focus on the shift toward remote work. The study identifies trends and offers insights into cybersecurity incidents by analyzing data breaches two years before and two years after the start of remote work. Data was collected from the Montana Department of Justice Data Breach database and consisted of data breaches that occurred between April 2018 and April 2022. The findings inform best practices for cybersecurity preparedness in remote work environments, aiding organizations to enhance their defenses. Although the study's data is limited to Montana, it offers valuable insights for cybersecurity professionals worldwide. As remote work continues to evolve, organizations must remain adaptable and vigilant in their cybersecurity strategies.

Cryptography and Security,Computers and Society

Călin Vâlsan,Andreea-Ionela Puiu,Elena Druică

DOI: https://doi.org/10.3390/math12162579

IF: 2.4

2024-08-23

Mathematics

Abstract:We survey the literature on the use of Benford's distribution digit analysis applied to COVID-19 case data reporting. We combine a bibliometric analysis of 32 articles with a survey of their content and findings. In spite of combined efforts from teams of researchers across multiple countries and universities, using large data samples from a multitude of sources, there is no emerging consensus on data misreporting. We believe we are nevertheless able to discern a faint pattern in the segregation of findings. The evidence suggests that studies using very large, aggregate samples and a methodology based on hypothesis testing are marginally more likely to identify significant deviations from Benford's distribution and to attribute this deviation to data tampering. Our results are far from conclusive and should be taken with a very healthy dose of skepticism. Academics and policymakers alike should remain mindful that the misreporting controversy is still far from being settled.

mathematics

Jukka Ruohonen,Kalle Hjerppe,Maximilian von Zastrow

DOI: https://doi.org/10.1145/3664476.3670456

2024-07-28

Abstract:This paper explores the novel topic of data breach journalism and data breach news through the case of <a class="link-external link-http" href="http://databreaches.net" rel="external noopener nofollow">this http URL</a>, a news outlet dedicated to data breaches and related cyber crime. Motivated by the issues in traditional crime news and crime journalism, the case is explored by the means of text mining. According to the results, the outlet has kept a steady publishing pace, mainly focusing on plain and short reporting but with generally high-quality source material for the news articles. Despite these characteristics, the news articles exhibit fairly strong sentiments, which is partially expected due to the presence of emotionally laden crime and the long history of sensationalism in crime news. The news site has also covered the full scope of data breaches, although many of these are fairly traditional, exposing personal identifiers and financial details of the victims. Also hospitals and the healthcare sector stand out. With these results, the paper advances the study of data breaches by considering these from the perspective of media and journalism.

Cryptography and Security,Computers and Society

Steve G.A. van de Weijer,Rutger Leukfeldt,Wim Bernasco

DOI: https://doi.org/10.1177/1477370818773610

2018-05-19

European Journal of Criminology

Abstract:Although the prevalence of cybercrime has increased rapidly, most victims do not report these offenses to the police. This is the first study that compares associations between victim characteristics and crime reporting behavior for traditional crimes versus cybercrimes. Data from four waves of a Dutch cross-sectional population survey are used ( N = 97,186 victims). Results show that cybercrimes are among the least reported types of crime. Moreover, the determinants of crime reporting differ between traditional crimes and cybercrimes, between different types of cybercrime (that is, identity theft, consumer fraud, hacking), and between reporting cybercrimes to the police and to other organizations. Implications for future research and practice are discussed.

criminology & penology

Samuel Tweneboah-Koduah,Francis Atsu,Ramjee Prasad

DOI: https://doi.org/10.13052/jcsm2245-1439.931

2020-04-27

Journal of Cyber Security and Mobility

Abstract:The paper assesses how stock market volatility reacts to data breach disclosure. The paper applies Volatility Event Analysis and Kolmogorov-Smirnov Test to analyse how equity risk (stock volatility) of 96 firms listed on the S&P 500 index reacted to the announcement of a data breach using records from Breach Level Index (BLI ) over the period between January 2013 and December 2018. Two levels of empirical analysis were performed: cross-section level and industry level. We employ statistical tests that adjust for the effects of cross-section firm-specific mean and volatility. The analysis delivers the following results: Firstly, cross-sectional analysis shows that there is evidence of significant abnormal across the firms and significant difference between before and after cyberattacks announcements. Secondly, the industry level analysis reveals that the firms in the financial industry exhibit more abnormal volatility and returns than firms in other sectors. Additionally, there is significant evidence of the difference in pre and post cyberattacks or data breach announcements, however, this effect tends to be more pronounced after the announcement of a data breach. Implying that data breach announcements can significantly influence equity volatility. In conclusion, the paper posits, equity investors and other stakeholders should reconsider their approach to cybersecurity events when updating the risk measures of their stocks and portfolios.

Mohammad G. Nejad,Hossein Sabzian

DOI: https://doi.org/10.1108/ijbm-01-2024-0023

2024-09-29

The International Journal of Bank Marketing

Abstract:Purpose Previous studies on consumer financial fraud (CFF) have primarily focused on micro-level relationships. This study seeks to provide a holistic macro-level perspective of CFF patterns in the USA. We explore whether CFFs follow a geographical pattern in the USA and evaluate whether and how the patterns and strength of spatial interrelations between states have changed over time, particularly pre-, during and post-COVID-19 Pandemic. Design/methodology/approach This research investigates the spatial patterns inherent in four CFF variables – total reported frauds, percentage of frauds reporting a loss, total losses and median loss – across the contiguous USA from 2018 to 2022. An in-depth examination was conducted at the state level by applying Moran's I method on the consumer sentinel network data, a database administered by the Federal Trade Commission. Findings The findings provide robust and statistically significant spatial autocorrelation of four CFF variables across the contiguous USA that are persistent from 2018 to 2022, consistent across all discerned patterns. Moreover, upon aggregating average values over the entire study period, total losses emerge as the dimension displaying the most pronounced positive clustering. Finally, the strength of spatial autocorrelation patterns has increased post-COVID-19 Pandemic for total reported frauds, percentage of frauds reporting a loss and total losses, and it has reduced for the median loss. Practical implications The sustained spatial autocorrelation in total losses underscores an elevated interconnectedness in economic and social dynamics among neighboring states. This implies that states in close proximity are predisposed to exhibit analogous levels of total and median losses. This reveals a discernible pattern in the distribution of total losses across contiguous US states, even though the values of total reported frauds and total losses variables were adjusted based on the state population. Social implications The findings furnish valuable insights for policymakers, consumer protection agencies, federal and local government agencies and law enforcement agencies, offering a nuanced understanding and targeted interventions to address the spatial dimensions of CFF effectively. The increase in the strength of the spatial dependencies following COVID-19 shows the increased importance of considering spatial dependencies when designing policies and activities to combat CFF activities. The sustained spatial autocorrelation in total losses underscores an elevated interconnectedness in economic and social dynamics among neighboring states. States in close proximity are predisposed to exhibit analogous levels of total and median losses. This finding reveals a discernible pattern in the distribution of total losses across contiguous US states. To account for state size, the total number of reported frauds and total monetary losses variables were adjusted based on the state's population. Originality/value The study provides empirical evidence for spatial autocorrelation for CFF patterns across the states within the contiguous USA. The work shows that adopting a spatial approach to studying CFF offers a promising area for future research.

business