Search results

This study aims to examine the influence of one or more information security breaches on an organisation’s stock market value as a way to benchmark the wider economic impact of such events.

An event studies-based approach was used where a measure of the event’s economic impact can be constructed using security prices observed over a relatively short period of time.

Based on the results, it is argued that, although no strong conclusions could be made given the current data constraints, there was enough evidence to show that such correlation exists, especially for recurring security breaches.

One of the main limitations of this study was the quantity and quality of published data on security breaches, as organisations tend not to share this information.

One of the challenges in information security management is assessing the wider economic impact of security breaches. Subsequently, this helps drive investment decisions on security programmes that are usually seen as cost rather than moneymaking initiatives.

This study envisaged that as more breach event data become more widely available because of compliance and regulatory changes, this approach has the potential to emerge as an important tool for information security managers to help support investment decisions.

Cloud computing has disrupted the information technology (IT) industry. Associated benefits such as flexibility, payment on an on-demand basis and the lack of no need for IT staff are among the reasons for its adoption. However, these services represent not only benefits to users but also threats, with cybersecurity issues being the biggest roadblock to cloud computing success. Although ensuring data security on the cloud has been the responsibility of providers, these threats seem to be unavoidable. In such circumstances, both providers and users have to coordinate efforts to minimize negative consequences that might occur from these events. The purpose of this paper is to assess how providers and users can rely on social media to communicate risky events.

Based on the Situational Theory of Publics and trust, the authors developed three research questions to analyze stakeholders’ communication patterns after a security breach. By gathering Twitter data, the authors analyzed the data security breach faced by the Premera Blue Cross’ Web application.

The results indicate that Premera acted as the main source of information for Twitter users, while trustworthy actors such as IT security firms, specialists and local news media acted as intermediaries, creating small communities around them. Theoretical and practical implications are also discussed.

Social media could be used for diffusing information of potential threats; no research has assessed its usage in a cloud-based security breach context. The study aims to fill this gap and propose a framework to engage cloud users in co-securing their data along with cloud providers when they face similar situations.

The purpose of this paper is to investigate the private-data pertaining to the interaction of users with social media applications that can be recovered from second-hand Android devices.

This study uses a black-box testing-principles based methodology to develop use-cases that simulate real-world case-scenarios of the activities performed by the users on the social media application. The authors executed these use-cases in a controlled experiment and examined the Android smartphone to recover the private-data pertaining to these use-cases.

The results suggest that the social media data recovered from Android devices can reveal a complete timeline of activities performed by the user, identify all the videos watched, uploaded, shared and deleted by the user, disclose the username and user-id of the user, unveil the email addresses used by the user to download the application and share the videos with other users and expose the social network of the user on the platform. Forensic investigators may find this data helpful in investigating crimes such as cyber bullying, racism, blasphemy, vehicle thefts, road accidents and so on. However, this data-breach in Android devices is a threat to user's privacy, identity and profiling in second-hand market.

Perceived notion of data sanitisation as a result of application removal and factory-reset can have serious implications. Though being helpful to forensic investigators, it leaves the user vulnerable to privacy breach, identity theft, profiling and social network revealing in second-hand market. At the same time, users' sensitivity towards data-breach might compel users to refrain from selling their Android devices in second-hand market and hamper device recycling.

This study attempts to bridge the literature gap in social media data-breach in second-hand Android devices by experimentally determining the extent of the breach. The findings of this study can help digital forensic investigators in solving crimes such as vehicle theft, road accidents, cybercrimes and so on. It can assist smartphone users to decide whether to sell their smartphones in a second-hand market, and at the same time encourage developers and researchers to design methods of social media data sanitisation.

Reflecting on Big Data’s assumed benefits, this study aims to identify the risks and challenges of data security underpinning Big Data’s socio-economic value and intellectual capital (IC).

The study reviews academic literature, professional documents and public information to provide insights, critique and projections for IC and Big Data research and practice.

The “voracity” for data represents a further “V” of Big Data, which results in a continuous hunt for data beyond legal and ethical boundaries. Cybercrimes, data security breaches and privacy violations reflect voracity and represent the dark side of the Big Data ecosystem. Losing the confidentiality, integrity or availability of data because of a data security breach poses threat to IC and value creation. Thus, cyberthreats compromise the social value of Big Data, impacting on stakeholders’ and society’s interests.

Because of the interpretative nature of this study, other researchers may not draw the same conclusions from the evidence provided. It leaves some open questions for a wide research agenda about the societal, ethical and managerial implications of Big Data.

This paper introduces the risks of data security and the challenges of Big Data to stimulate new research paths for IC and accounting research.

Given the continuing growth in both the complexity and severity of cyber risk, a fundamental rethink of cyber risk management has become an issue of paramount importance, particularly as insurance firms are now providing both cyber risk management services and cyber risk insurance coverage. In this study, we set out to provide analyses of the prevailing cyber risk levels in various industries using the “Chronology of Data Breaches” database and then go on to assess the overall benefits of cyber risk insurance coverage. Our results reveal that compared to other industries, insurance firms exhibit superior cyber risk management. Regardless of internal and external cyber risk, insurance companies retain the lowest cyber losses. We further provide evidence to show that cyber risk insurance policies alone cannot effectively cover the potentially extreme cyber risk losses for most industries. However, the situation can be improved by implementing cyber risk management services provided by insurance firms. Insurance firms may need to provide an efficient cyber risk management system to lower the frequency and severity of extreme events.

The primary purpose of this study is to investigate the impact of information security breaches on hotel guests' perceived service quality, satisfaction, likelihood of recommending a hotel and revisit intentions.

Five‐hundred seventy‐four US travelers participated in this experimental study. The respondents were exposed to one of three different scenarios: “negative”, where an information security breach happened in the hotel where a person stayed last and guest information was compromised; “neutral”, where an information security breach happened and guest information remained safe; and “positive”, where participants were told that the hotel where they last stayed successfully passed a comprehensive security audit, meaning that their guest information is properly handled and secured.

The results of the study revealed a significant impact of the treatments on three of the four outcome variables: satisfaction, likelihood of recommending a hotel, and revisit intentions. Information security breach scenarios resulted in a negative impact on the outcome variables regardless of whether or not the guest's credit card information was compromised. A positive scenario revealed a significant increase in guest satisfaction and revisit intentions scores.

The findings of the study provide clear indication that hotel operators must continually strive to keep the sensitive data that is collected from their guests secure, and that failure to do so can have significant negative ramifications on current and future guests. The results also suggest that hotels should openly publicize their achievements in the field of PCI compliance.

The study contributes to the body of knowledge on the importance of credit card information security breaches to hotel guest satisfaction and future behavior. To date, this is the only study that has investigated this topic in the hospitality industry, and it therefore makes a significant improvement towards the understanding of the impact of information security breach on hotel guest perceptions and future intentions.

In the aftermath of data breaches, many firms offer compensation to affected customers to recover from damaged customer sentiments. To understand the effectiveness of such compensation offerings, Goode et al. (2017) examined the effects of compensation offered by Sony following the PlayStation Network breach in 2011. Although Goode et al. (2017) present key insights on data breach compensation, it is unclear whether their findings generalize beyond the context of subscription-based gaming platforms whose customers are young and experience substantial switching costs. To address this issue, we conducted a methodological replication in a retail context with low switching costs.

In our replication, we examine the effects of compensation offered by Home Depot in the aftermath of its data breach in 2014. Home Depot is the largest home improvement retailer in the US and presents a substantially different context. Data were collected from 901 participants using surveys.

Our results were consistent with the original study. We found that in retail breaches, effective compensation needs to meet customers' expectations because overcompensation or undercompensation leads to negative outcomes, such as decreased repurchase intention.

Our study provides insights into the effectiveness of compensation in the retail context and confirms the findings of Goode et al. (2017).

The purpose of this paper is two-fold: to explore the legal issue of the importance of personal data protection in the digital economy sector and to propose a legal framework for personal data protection as a consumer protection strategy and accelerate the digital economy.

This study is legal research. The research approach used was the comparative approach and statute approach. The legal materials used are all regulations regarding personal data protection that apply in Indonesia, Hong Kong and Malaysia. The technique of collecting legal materials is done by using library research techniques.

The value of Indonesia’s digital economy is the biggest in the Southeast Asia region, but data breach is still a big challenge to face. The Indonesian Consumers Foundation (Yayasan Lembaga Konsumen Indonesia) recorded 54 cases of a data breach in e-commerce, 27 cases in peer-to-peer lending and 5 cases in electronic money. Based on the results of a comparative study with Hong Kong and Malaysia, Indonesia has yet no specific Act that comprehensively regulates personal data protection. Indonesia also does not have a personal data protection commission. Criminal sanctions and civil claims related to data breaches have not yet been regulated.

This study examines the data breach problem in the Indonesian digital economy sector. However, the legal construction of personal data protection regulations is built on the results of a comparative study with Hong Kong and Malaysia.

The results of this study can be useful for constructing the ideal regulation regarding the protection of personal data in the digital economy sector.

The results of the recommendations in this study are expected to develop and strengthen the protection of personal data in the Indonesian digital economy sector. Besides aiming to prevent the misuse of personal data, the regulation aims to protect consumers and accelerate the growth of the digital economy.

Indonesia needs to create a personal data protection act. The act should at least cover such issues: personal data protection principles; types of personal data; management of personal data; mechanism of personal data protection and security; commission of personal data protection; transfers of personal data; resolution mechanism of personal data dispute and criminal sanctions and civil claims.

The paper proposes a privacy-preserving artificial intelligence-enabled video surveillance technology to monitor social distancing in public spaces.

The paper proposes a new Responsible Artificial Intelligence Implementation Framework to guide the proposed solution's design and development. It defines responsible artificial intelligence criteria that the solution needs to meet and provides checklists to enforce the criteria throughout the process. To preserve data privacy, the proposed system incorporates a federated learning approach to allow computation performed on edge devices to limit sensitive and identifiable data movement and eliminate the dependency of cloud computing at a central server.

The proposed system is evaluated through a case study of monitoring social distancing at an airport. The results discuss how the system can fully address the case study's requirements in terms of its reliability, its usefulness when deployed to the airport's cameras, and its compliance with responsible artificial intelligence.

The paper makes three contributions. First, it proposes a real-time social distancing breach detection system on edge that extends from a combination of cutting-edge people detection and tracking algorithms to achieve robust performance. Second, it proposes a design approach to develop responsible artificial intelligence in video surveillance contexts. Third, it presents results and discussion from a comprehensive evaluation in the context of a case study at an airport to demonstrate the proposed system's robust performance and practical usefulness.