Author List: Sen, Ravi; Borle, Sharad;
Journal of Management Information Systems, 2015, Volume 32, Issue 2, Page 314-341.
Data breach incidents are on the rise, and have resulted in severe financial and legal implications for the affected organizations. We apply the opportunity theory of crime, the institutional anomie theory, and institutional theory to identify factors that could increase or decrease the contextual risk of data breach. We investigate the risk of data breach in the context of an organization's physical location, its primary industry, and the type of data breach that it may have suffered in the past. Given the location of an organization, the study finds support for application of the opportunity theory of crime and the institutional anomie theory in estimating the risk of data breach incidents within a state. In the context of the primary industry in which an organization operates, we find support for the institutional theory and the opportunity theory of crime in estimating risk of data breach incidents within an industry. Interestingly though, support for the opportunity theory of crime is partial. We find that investment in information technology (IT) security corresponds to a higher risk of data breach incidents within both a state and an industry, a result contrary to the one predicted by the opportunity theory of crime. A possible explanation for the contradiction is that investments in IT security are not being spent on the right kind of data security controls, a fact supported by evidence from the industry. The work has theoretical and practical implications. Theories from criminology are used to identify the risk factors of data breach incidents and the magnitude of their impact on the risk of data breach. Insights from the study can help IT security practitioners to assess the risk environment of their firm (in terms of data breaches) based on the firm's location, its industry sector, and the kind of breaches that the firm may typically be prone to.
Keywords: computer crime; computer security; data breach; data theft; information security; IT security risks
Algorithm:

List of Topics

#186 0.285 security information compliance policy organizations breach disclosure policies deterrence breaches incidents results study abuse managed isp violations based comply protection
#110 0.138 theory theories theoretical paper new understanding work practical explain empirical contribution phenomenon literature second implications different building based insights need
#24 0.126 institutional pressures logic theory normative embedded context incumbent contexts forces inertia institutionalized environment pressure identify mimetic dominant coupling board newly
#6 0.120 data used develop multiple approaches collection based research classes aspect single literature profiles means crowd collected trend accuracy databases accurate
#264 0.092 risk risks management associated managing financial appropriate losses expected future literature reduce loss approach alternative mitigate failures failure cause mitigation
#271 0.065 technology investments investment information firm firms profitability value performance impact data higher evidence diversification industry payoff return findings decisions greater
#198 0.055 factors success information critical management implementation study factor successful systems support quality variables related results key model csf importance determinants