Search results

1 – 10 of over 11000
Open Access
Article
Publication date: 9 November 2022

Santhosh Srinivas and Huigang Liang

While every firm is striving to embrace digital transformation (DT) to form new differentiating business capabilities, there are dark sides to such initiatives, and it is…

Abstract

Purpose

While every firm is striving to embrace digital transformation (DT) to form new differentiating business capabilities, there are dark sides to such initiatives, and it is essential to acknowledge, identify and address them. The purpose of this paper is to identify and emperically demonstrate the impact of such darksides of DT. While a firm's DT effort may have many dark sides, the authors identify data breaches as the most critical one and focus on proving their impact since it can inflict significant damage to the firm.

Design/methodology/approach

Through the lens of paradox theory, the authors argue that the DT efforts of a firm will lead to increased risk and severity of data breaches. The authors developed a one-of-a-kind longitudinal data set by combining data from multiple sources, including 3604 brands over a 10-year period, and employed a DT performance scorecard to evaluate a firm's DT effort across four key digital selling touchpoints: site, mobile, digital marketing and social media.

Findings

The findings of this study show that a firm's DT efforts pertaining to its mobile and digital marketing platforms significantly increase the likelihood and severity of a data breach event indicating that these two channels are most vulnerable and need heightened attention from firms. Furthermore, the findings suggest that the negative repercussions of some DT initiatives may be minimized as the firm becomes more innovative. The findings can help firms re-strategize their DT efforts by promoting security and also encouraging a balanced communication strategy.

Originality/value

This research is one of the first to identify, recognize and empirically illustrate the downsides of a DT effort that is otherwise thought to provide only benefits.

Details

Journal of Electronic Business & Digital Economics, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 2754-4214

Keywords

Article
Publication date: 24 November 2022

Tianxi Dong, Suning Zhu, Mauro Oliveira and Xin (Robert) Luo

Stock price reactions have often been used to evaluate the cost of data breaches in the current information systems (IS) security literature. To further this line of…

Abstract

Purpose

Stock price reactions have often been used to evaluate the cost of data breaches in the current information systems (IS) security literature. To further this line of research, this study examines the impact of data breaches on stock returns, information asymmetry and unsystematic firm risk in the context of COVID-19.

Design/methodology/approach

This paper employs an event study methodology and examines data breach events released in public databases, spanning pre- and post-COVID settings. This study investigated 283 data breaches of the US publicly traded firms, and the economic cost was measured by cumulative abnormal returns (CARs), trading volume, bid-ask spread and unsystematic risk.

Findings

The authors observe that data breaches during the COVID pandemic make investors react more negatively to data breach announcements, as reflected in the significantly negative difference in CARs between breached firms before COVID and those after COVID. The findings also indicate that, after the disclosure of data breach incidents, information asymmetry is reduced to a lesser extent compared with that in the pre-COVID setting. The authors also find that data breach events lead to an increase in the unsystematic risk of breached companies in the pre-COVID era but no change in the post-COVID era.

Originality/value

This study is the first effort to examine the economic consequences of data breaches by investigating the effects in the form of trading activities and risk measurement in the COVID setting.

Details

Industrial Management & Data Systems, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 0263-5577

Keywords

Article
Publication date: 20 October 2022

Maryam Firoozi and Chih Hao Ku

Despite an increasing trend in adoption of social media by for-profit organizations and their chief executive officers (CEOs), there is little understanding of how these…

Abstract

Purpose

Despite an increasing trend in adoption of social media by for-profit organizations and their chief executive officers (CEOs), there is little understanding of how these new channels of communication are incorporated into the broader communication domain of a firm to discharge accountability during a crisis, when accountability is of critical importance. More importantly, research on how people perceive a crisis and voice their opinions to firms and CEOs on social media in reaction to that crisis is rather limited. Therefore, in this study the authors investigate these questions.

Design/methodology/approach

This study is based on a case. The authors focus on the biggest data breach in Internet history in a pioneer technology firm, the Yahoo data breach. The authors conduct descriptive and dramaturgical analyses informed by Goffman to investigate how Yahoo manages its several front stages (communication channels), including social media during and after the Yahoo data breach announcements, and how people respond to the Yahoo's front stage management.

Findings

The results show that, during this crisis, Yahoo engages in management of its front stages by first limiting them to a few, then by redrawing the line between its back and front stages, and finally by expanding its front stages to include two-way communication channels, including social media. An ongoing accountability process back stage guides Yahoo's management of its front stages and undermines Yahoo's accountability in front stages. However, social media audiences challenge Yahoo's control of its front stages by using various frames to make sense of the crisis, and to demand accountability.

Originality/value

This study furthers the understanding of how social media platforms are positioned in a firm's broader communication channels during a crisis. It also enhances understanding of accountability demand, especially during critical times in a digitized era.

Details

Accounting, Auditing & Accountability Journal, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 0951-3574

Keywords

Open Access
Article
Publication date: 9 November 2021

Zareef Mohammed

Data breaches are an increasing phenomenon in today's digital society. Despite the preparations an organization must take to prevent a data breach, it is still necessary…

1094

Abstract

Purpose

Data breaches are an increasing phenomenon in today's digital society. Despite the preparations an organization must take to prevent a data breach, it is still necessary to develop strategies in the event of a data breach. This paper explores the key recovery areas necessary for data breach recovery.

Design/methodology/approach

Stakeholder theory and three recovery areas (customer, employee and process recovery) are proposed as necessary theoretical lens to study data breach recovery. Three data breach cases (Anthem, Equifax, and Citrix) were presented to provide merit to the argument of the proposed theoretical foundations of stakeholder theory and recovery areas for data breach recovery research.

Findings

Insights from these cases reveal four areas of recovery are necessary for data breach recovery – customer recovery, employee recovery, process recovery and regulatory recovery.

Originality/value

These areas are presented in the data recovery areas model and are necessary for: (1) organizations to focus on these areas when resolving data breaches and (2) future data breach recovery researchers in developing their research in the field.

Details

Organizational Cybersecurity Journal: Practice, Process and People, vol. 2 no. 1
Type: Research Article
ISSN: 2635-0270

Keywords

Article
Publication date: 5 May 2015

Robert E. Holtfreter and Adrian Harrington

The main purpose of this paper is to analyze the trends of various types of data breaches and their compromised records in the USA using a new model recently developed by…

2218

Abstract

Purpose

The main purpose of this paper is to analyze the trends of various types of data breaches and their compromised records in the USA using a new model recently developed by the authors.

Design/methodology/approach

The 2,280 data breaches and over 512 million related compromised records tracked by the Privacy Rights Clearinghouse from 2005 through 2010 were analyzed and classified into four external, five internal and one non-traceable data breach categories, after which trends were determined for each.

Findings

The findings indicate that although the trends for the annual number of data breaches and each of the internal and external categories and their related compromised records have increased over the six-year period, the changes have not been consistent from year to year.

Practical implications

By classifying data breaches into internal and external categories with the use of this new data breach model provides an excellent methodological framework for organizations to use to develop more workable strategies for safeguarding personal information of consumers, clients, employees and other entities.

Originality/value

The topic of data breaches remains salient to profit and nonprofit organizations, researchers, legislators, as well as criminal justice practitioners and consumer advocate groups.

Details

Journal of Financial Crime, vol. 22 no. 2
Type: Research Article
ISSN: 1359-0790

Keywords

Content available
Article
Publication date: 27 March 2020

Ahmad H. Juma'h and Yazan Alnsour

This paper aims to analyze the effect of data breaches – whose concerns and implications can be legal, social and economic – on companies’ overall performance.

2412

Abstract

Purpose

This paper aims to analyze the effect of data breaches – whose concerns and implications can be legal, social and economic – on companies’ overall performance.

Design/methodology/approach

Information on data breaches was collected from online compilations, and financial data on breached companies was collected from the Mergent Online database. The financial variables used were related to profitability, liquidity, solvency and company size to analyze the financial performance of the breached companies before and after the data breach event. Nonfinancial data, such as the type and the size of the breaches, was also collected. The data was analyzed using multiple regression.

Findings

The results confirm that nonmandatory information related to announcements of data breaches is a signal of companies’ overall performance, as measured by profitability ratios, return on assets and return on equity. The study does not confirm a relationship between data breaches and stock market reaction when measuring quarterly changes in share prices.

Research limitations/implications

The main limitation of the study relates to ratio and trend analyses. Such analyses are commonly used when researching accounting information. However, they do not directly reflect the companies’ conditions and realities, and they rely on companies’ released financial reports. Another limitation concerns the confounding factors. The major confounding factors around the data breaches’ dates were identified; however, this was not enough to assure that other factors were not affecting the companies’ financial performance. Because of the nature of such events, this study needs to be replicated to include specific information about the companies using case studies. Therefore, the authors recommend replicating the research to validate the article’s findings when each industry makes more announcements available.

Practical implications

To remediate the risks and losses associated with data breaches, companies may use their reserved funds.

Social implications

Company data breach announcements signal internal deficiencies. Therefore, the affected companies become liable to their employees, customers and investors.

Originality/value

The paper contributes to both theory and practice in the areas of accounting finance, and information management.

Details

International Journal of Accounting & Information Management, vol. 28 no. 2
Type: Research Article
ISSN: 1834-7649

Keywords

Article
Publication date: 11 October 2011

Chlotia Posey Garrison and Matoteng Ncube

The purpose of this research is to provide companies and consumers with information about the potential connections between data breach types and institutions. This study…

2544

Abstract

Purpose

The purpose of this research is to provide companies and consumers with information about the potential connections between data breach types and institutions. This study also aims to add to the body of knowledge about data breaches.

Design/methodology/approach

This study analyzes a chronology of five years of data breaches. The data were classified and analyzed by breach and institution type, record size, and state. Multiple statistical tests were performed.

Findings

Breach types stolen and exposed are statistically more likely to occur. Educational institutions are more likely to have a breach and it is more probable that educational breaches will be of type hacker or exposed. The proportion of insider incidents is smaller than the other breach types. The number of records breached is independent of institution and breach type.

Research limitations/implications

Only those breaches with a specified number of records are included. The information used may have been updated after our analysis, usually a change in the number of records identified.

Practical implications

Additional knowledge about characteristics of data breaches and the relationship between breach types and institution types will enable both businesses and consumers to be more effective in protecting sensitive information. Businesses will be able to create security budgets based on risk factors and consumers will be more aware of the risks of providing sensitive information.

Originality/value

This study provides a longitudinal analysis covering five years of data breaches and analyzes the relationship between five breach types and six types of institutions.

Details

Information Management & Computer Security, vol. 19 no. 4
Type: Research Article
ISSN: 0968-5227

Keywords

Article
Publication date: 20 August 2020

Kholekile Gwebu and Clayton W. Barrows

The purpose of this study is to expand on the existing literature by specifically examining data security incidents within the hospitality industry, assessing origins and…

Abstract

Purpose

The purpose of this study is to expand on the existing literature by specifically examining data security incidents within the hospitality industry, assessing origins and causes, comparing breaches within the industry with those of other industries and identifying areas of concern.

Design/methodology/approach

A sample of data breach incidents is drawn from the Verizon VERIS Community Database (VCDB). Statistical comparisons between hospitality and non-hospitality industry firms are conducted following the Verizon A4 threat framework.

Findings

The results reveal that breaches between hospitality and non-hospitality firms differ significantly in terms of actors, actions, assets and attributes. Specifically, proportions of breaches in the hospitality industry are larger in terms of external actors, hacking and malware, user devices compromised and integrity violations. Additionally, compared to other industries, point-of-sales (POS) system breaches occur at a higher rate in the hospitality industry. The study finds that company size, hacking and malware predict the likelihood of a POS breach.

Research limitations/implications

The study uses secondary data and does not include the entire universe of data breaches.

Originality/value

In the quest to reduce data breach incidents, it is imperative to identify and assess the nature of data breach incidents between industries. Doing so permits the development of targeted industry-specific solutions rather than generic ones. This study systematically identifies differences between hospitality and non-hospitality data security incidents and then suggests areas where hospitality companies should focus future attention to mitigate breach incidents.

研究目的

本论文延展了现有文献, 检测了酒店业中的数据安全事故, 评估其起因, 比较其他产业和酒店产业数据泄露的区别, 以及找出关键区域。

研究设计/方法/途径

样本数据为 Verizon VERIS 社区数据库(VCDB)中的数据泄露事件。研究遵循Verizon A4 危险模型, 对酒店业和非酒店业之间事件进行了数据分析比较。

研究结果

研究结果表明酒店公司和非酒店公司的数据泄露在当事人、行为、资产、和属性方面, 有着很大不同。其中, 酒店业中的数据泄露比例在外部因素、黑客、病毒、用户端失灵、和违反道德方面比较大。此外, 相对其他产业, POS系统在酒店产业中的数据泄露概率较高。本论文发现公司规模、黑客、和病毒对POS数据泄露的影响有着重大决定作用。

研究理论限制/意义

本论文使用二手数据, 并未检测整体数据泄露数据。

研究原创性/价值

为了减少数据泄露事件, 产业之间数据泄露事件属性的认定和评价至关重要。因此, 可以针对具体产业具体事件制定出特定的解决方案。本论文系统上指出了酒店和非酒店业的数据安全事件的区别, 以及指出哪些方面, 酒店业应该重点关注, 以减少未来数据泄露事件。

Article
Publication date: 4 February 2022

Emmanuel W. Ayaburi

The study aims to empirically understand individuals' tendency to disclose private information online following different forms of data breach (i.e. reversible and…

Abstract

Purpose

The study aims to empirically understand individuals' tendency to disclose private information online following different forms of data breach (i.e. reversible and irreversible victimization).

Design/methodology/approach

Survey methodology is applied to measure the perception of victims of data breaches on key indicators of information disclosure.

Findings

Analysis of responses from 309 victims of data breaches show that while victims' irreversible data breach victimization experience influences both dimensions of privacy concerns, reversible data breach victimization experiences influenced only peer privacy concerns (PPCs). Furthermore, only institutional privacy concerns impacted online disclosure and fully mediate the relationship between victimization experience and online disclosure.

Research limitations/implications

The findings contribute to the privacy literature by expanding the dimension of victimization and considering their differential effect on privacy concerns. Additionally, the study uncovers the efficacy of privacy dimension on privacy recalibration following a data breach announcement.

Practical implications

For practice, the results provide insights for managers on how to manage customer restitution after a data breach. Management of the process of privacy recalibration should not be homogenous but be based on degree of consequence.

Social implications

This research provides deeper understanding of how the ascendancy of privacy breaches affect privacy management. The findings illuminate why the increasing trend in online activities is observed.

Originality/value

The study is the first to identify two dimensions of data breach victimization experience based on the breach level index (BLI). The two dimensions of victimization (i.e. reversible and irreversible privacy victimizations) were used to understand individuals' tendency to disclose private information online.

Details

Information Technology & People, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 0959-3845

Keywords

Article
Publication date: 8 April 2021

Atiya Avery

This study aims to evaluate changes to the financial performance of organizations in the 1–4 quarters following a data breach event. The study introduces two new…

Abstract

Purpose

This study aims to evaluate changes to the financial performance of organizations in the 1–4 quarters following a data breach event. The study introduces two new variables, “intangible assets” and “extraordinary losses” to the discussion on the impact of data breaches on an organization’s financial performance. Intangible assets allow us to gauge the data breach’s impact on the organization’s brand reputation and intellectual capital reserves. Extraordinary losses allow us to gauge if organizations considered data breaches truly detrimental to their operations that they rose to the level of “extraordinary” and not an event that could be incorporated into its usual operating expenses.

Design/methodology/approach

This study uses a matched sample comparison analysis of 47 organizations to understand the short-term and long-term impacts of data breach events on an organization’s financial performance.

Findings

Data breach events have some negative impacts on the organization’s profitability more than likely leading to a depletion of the organization’s assets. However, organizations do not perform better or worse in the short-term or long-term due to a data breach event; the organizations can be considered financially sustainable in the 1–4 quarters following a data breach disclosure.

Originality/value

This study takes two approaches to theory development. The first approach extends the current literature on data breach events as negative, value declining events to the organization’s performance, which is referred to as the “traditional view.” The second view posits that a data breach event may be a catalyst for enhanced long-term organization performance; this is referred to as the organizational sustainability and resiliency view.

Details

Information & Computer Security, vol. 29 no. 3
Type: Research Article
ISSN: 2056-4961

Keywords

1 – 10 of over 11000