Is Bigger Safer? Analyzing Factors Related to Data Breaches Using Publicly Available Information

Abstract

Data breaches have affected hundreds of millions of people. As consumers are exposed to constant risks of data breaches, it makes sense to ask what are the factors that contribute to data breaches such that consumers can make more conscious decisions to reduce risks. For example, suppose a consumer want to open a bank account, shall she use a bigger international bank or a smaller community bank considering risks of data breaches? Existing work on risk or vulnerability analysis typically requires detail internal information of an information system, which is not available to the public. Furthermore organizations typically do not want results of such analysis of their IT systems to be made public. This paper proposes a novel approach that analyzes publicly available information to identify factors contributing to higher data breach risks. This paper valso presents an initial study that correlates data breaches in the US from 2005 to 2017 with publicly available information about affected organizations. We find that size and name recognition of these organizations are two factors contributing to higher data breach risks. This calls for further study in this direction.