Is Bigger Safer? Analyzing Factors Related to Data Breaches Using Publicly Available Information

Files

icisspdatabreach.pdf (126.03 KB)

Links to Files

https://userpages.umbc.edu/~zhchen/papers/icissp-data-breach.pdf

Permanent Link

http://hdl.handle.net/11603/38563

Collections

UMBC Faculty Collection
UMBC College of Engineering and Information Technology Dean's Office
UMBC Information Systems Department
UMBC Student Collection

Author/Creator

Author/Creator ORCID

https://orcid.org/0000-0002-6984-7248
 https://orcid.org/0000-0001-5939-687X

Date

Type of Work

journal articles
Text

Department

Program

Citation of Original Publication

Rights

This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.

Subjects

UMBC Cybersecurity Institute
UMBC Mobile, Pervasive and Sensor Computing Lab (MPSC Lab)
UMBC Mobile, Pervasive and Sensor Computing Lab (MPSC Lab)
UMBC Cybersecurity Institute

Abstract

Data breaches have affected hundreds of millions of people. As consumers are exposed to constant risks of data breaches, it makes sense to ask what are the factors that contribute to data breaches such that consumers can make more conscious decisions to reduce risks. For example, suppose a consumer want to open a bank account, shall she use a bigger international bank or a smaller community bank considering risks of data breaches? Existing work on risk or vulnerability analysis typically requires detail internal information of an information system, which is not available to the public. Furthermore organizations typically do not want results of such analysis of their IT systems to be made public. This paper proposes a novel approach that analyzes publicly available information to identify factors contributing to higher data breach risks. This paper valso presents an initial study that correlates data breaches in the US from 2005 to 2017 with publicly available information about affected organizations. We find that size and name recognition of these organizations are two factors contributing to higher data breach risks. This calls for further study in this direction.