Skip to main content

Modeling the Risk of Data Breach Incidents at the Firm Level

  • Conference paper
  • First Online:
Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS 2020)

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 1195))

  • 1466 Accesses

Abstract

Many firms and organizations are at risk of cyberattack nowadays. For example, in 2018 alone, 443 data breaches in Japan compromised some 5.61 million records of personal information. To respond to this threat, firms asset a risk of cybersecurity and introduce IT security management practices. However, it is unclear whether firms are able to identifying the tradeoff between effect of development of IT security practices and the risk of data breach. To address this, we propose a probabilistic model that estimates the risk of a data breach for a given firm using the Japan Network Security Association incident dataset, being a historical collection of cyber incidents from 2005 to 2018. This model yields the conditional probabilities of a data breach given conditions, which follows a negative binomial distribution. We highlight the difference in inter-arrival time between firms with security management and one without it. Based on the experimental results, we evaluate effects of security management and discuss some reasons for these differences.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Information security incident survey report (JNSA dataset). Japan Network Security Association (2018)

    Google Scholar 

  2. Cybersecurity Management Guidelines Ver1.1. In: Ministry of Economy, Trade and Industry Home page. https://www.meti.go.jp/policy/netsecurity/downloadfiles/CSM_Guidelines_v1.1_en.pdf. Accessed 19 March

  3. What is cyber insurance. In: cyber-hoken.com. https://cyberhoken-jp.com/cyber-hoken. Accessed 19 March

  4. Sakuma, J., Inomata, A.: Proposal for improvement of penetration on investigation and analysis of cyber insurance. Internet Oper. Technol. (IOT) (IPSJ) 9, 1–8 (2019)

    Google Scholar 

  5. Edwards, B., Hofmeyr, S., Forrest, S.: Hype and heavy tails: a closer look at data breaches. J. Cybersecur. 2, 3–14 (2016)

    Article  Google Scholar 

  6. Kokaji, A., Harada, Y., Goto, A.: A consideration of assessment on cyber security in financial institutions. Electron. Intell. Prop. (IPSJ) 1, 1–5 (2019)

    Google Scholar 

  7. Maillart, T., Sornette, D.: Heavy-tailed distribution of cyber-risks. Eur. Phys. J. B 75, 357–364 (2010)

    Article  Google Scholar 

  8. Wheatley, S., Maillart, T., Sornette, T.: The extreme risk of personal data breaches and the erosion of privacy. Eur. Phys. J. B 89, 1–12 (2016)

    Article  Google Scholar 

  9. Eling, M., Loperfido, N.: What are the actual costs of cyber risk events? Eur. J. Oper. Res. 272, 1109–1119 (2019)

    Article  Google Scholar 

  10. Yamada, M., Ikegami, K., Kikuchi, H., Inui, K.: Assessment of the effect of decreasing data breach by the management situation (2). In: Computer Security Symposium (CSS 2018), pp. 376–384 (2018)

    Google Scholar 

  11. Sen, R., Borle, S.: Estimating the contextual risk of data breach: an empirical approach. J. Manage. Inf. Syst. 32, 314–341 (2015)

    Article  Google Scholar 

  12. Eling, M., Loperfido, N.: Data breaches: goodness of fit, pricing, and risk measurement. Insur.: Math. Econ. 75, 126–136 (2017)

    MathSciNet  MATH  Google Scholar 

  13. Xu, M., Schweitzer, K., Bateman, R., Xu, S.: Modeling and predicting cyber hacking breaches. IEEE Trans. Inf. Forensics Secur. 13, 2856–2871 (2018)

    Article  Google Scholar 

  14. Romanosky, S., Telang, R., Acquisti, A.: Do data breach disclosure laws reduce identify theft? J. Policy Anal. Manage. 30, 256–286 (2011)

    Article  Google Scholar 

  15. Massey Jr., F.: The Kolmogorov-Smirnov test for goodness of fit. J. Am. Stat. Assoc. 46, 68–78 (1951)

    Article  Google Scholar 

  16. Nelder, J.A., Wedderburn, R.W.M.: Generalized linear models. J. Roy. Stat. Soc. Ser. A (Gener.) 135, 370–384 (1972)

    Article  Google Scholar 

  17. CSR DATA: Toyo Keizai Data Services (2017)

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Kazuki Ikegami .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Ikegami, K., Kikuchi, H. (2021). Modeling the Risk of Data Breach Incidents at the Firm Level. In: Barolli, L., Poniszewska-Maranda, A., Park, H. (eds) Innovative Mobile and Internet Services in Ubiquitous Computing . IMIS 2020. Advances in Intelligent Systems and Computing, vol 1195. Springer, Cham. https://doi.org/10.1007/978-3-030-50399-4_14

Download citation

Publish with us

Policies and ethics