To read the full version of this content please select one of the options below:

A longitudinal analysis of data breaches

Chlotia Posey Garrison (Department of Computer Science and Quantitative Methods, Winthrop University, Rock Hill, South Carolina, USA)
Matoteng Ncube (Department of Mathematics and Statistics, University of West Florida, Pensacola, Florida, USA)

Information Management & Computer Security

ISSN: 0968-5227

Article publication date: 11 October 2011

Abstract

Purpose

The purpose of this research is to provide companies and consumers with information about the potential connections between data breach types and institutions. This study also aims to add to the body of knowledge about data breaches.

Design/methodology/approach

This study analyzes a chronology of five years of data breaches. The data were classified and analyzed by breach and institution type, record size, and state. Multiple statistical tests were performed.

Findings

Breach types stolen and exposed are statistically more likely to occur. Educational institutions are more likely to have a breach and it is more probable that educational breaches will be of type hacker or exposed. The proportion of insider incidents is smaller than the other breach types. The number of records breached is independent of institution and breach type.

Research limitations/implications

Only those breaches with a specified number of records are included. The information used may have been updated after our analysis, usually a change in the number of records identified.

Practical implications

Additional knowledge about characteristics of data breaches and the relationship between breach types and institution types will enable both businesses and consumers to be more effective in protecting sensitive information. Businesses will be able to create security budgets based on risk factors and consumers will be more aware of the risks of providing sensitive information.

Originality/value

This study provides a longitudinal analysis covering five years of data breaches and analyzes the relationship between five breach types and six types of institutions.

Keywords

Citation

Posey Garrison, C. and Ncube, M. (2011), "A longitudinal analysis of data breaches", Information Management & Computer Security, Vol. 19 No. 4, pp. 216-230. https://doi.org/10.1108/09685221111173049

Publisher

:

Emerald Group Publishing Limited

Copyright © 2011, Emerald Group Publishing Limited