EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

What Do We Know About Data Breaches? Empirical Evidence from the United States

Grzegorz Strupczewski ()
Additional contact information
Grzegorz Strupczewski: The Cracow University of Economics

A chapter in Eurasian Economic Perspectives, 2020, pp 281-299 from Springer

Abstract: Abstract The aim of the chapter is to assess data breach risk. In particular, severity of the risk is quantified and factors determining its severity are identified. We take a number of records compromised in one data breach incident as a proxy for severity of the data breach risk. This chapter helps to learn from the experience of almost 15 years of data protection and data breach notification regulations in the United States. It offers an interesting insight into the state of cybersecurity that can be indicated by a number of data breaches. Based on the Privacy Rights Clearinghouse database, we examine the statistical properties of data on data breaches disclosed in the United States from 2005 to 2016. The size of our dataset is 5102. The Kruskal–Wallis test is applied to verify our hypotheses. The severity of data breach is modeled by the Pareto distribution. The chapter concludes with several interesting results. Negligent data breaches appear twice more frequently than malicious ones. The dominant causes of data breaches vary by organization type. It suggests that cyber risk management strategies should be tailored to the individual profile of an entity. Surprisingly, implementation of the data breach notification state laws in the United States has not affected the number of breach incidents reported in particular states. Cause of data breach, type of organization, and geographical region are statistically significant factors that diversify the population of affected organizations in terms of severity of the loss.

Keywords: Cyber risk; Data breach; Data protection; Risk modeling (search for similar items in EconPapers)
Date: 2020
References: Add references at CitEc
Citations:

There are no downloads for this item, see the EconPapers FAQ for hints about obtaining it.

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:spr:eurchp:978-3-030-40375-1_20

Ordering information: This item can be ordered from
http://www.springer.com/9783030403751

DOI: 10.1007/978-3-030-40375-1_20

Access Statistics for this chapter

More chapters in Eurasian Studies in Business and Economics from Springer
Bibliographic data for series maintained by Sonal Shukla () and Springer Nature Abstracting and Indexing ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-04-01
Handle: RePEc:spr:eurchp:978-3-030-40375-1_20