Abstract
Many firms and organizations are at risk of cyberattack nowadays. For example, in 2018 alone, 443 data breaches in Japan compromised some 5.61 million records of personal information. To respond to this threat, firms asset a risk of cybersecurity and introduce IT security management practices. However, it is unclear whether firms are able to identifying the tradeoff between effect of development of IT security practices and the risk of data breach. To address this, we propose a probabilistic model that estimates the risk of a data breach for a given firm using the Japan Network Security Association incident dataset, being a historical collection of cyber incidents from 2005 to 2018. This model yields the conditional probabilities of a data breach given conditions, which follows a negative binomial distribution. We highlight the difference in inter-arrival time between firms with security management and one without it. Based on the experimental results, we evaluate effects of security management and discuss some reasons for these differences.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Information security incident survey report (JNSA dataset). Japan Network Security Association (2018)
Cybersecurity Management Guidelines Ver1.1. In: Ministry of Economy, Trade and Industry Home page. https://www.meti.go.jp/policy/netsecurity/downloadfiles/CSM_Guidelines_v1.1_en.pdf. Accessed 19 March
What is cyber insurance. In: cyber-hoken.com. https://cyberhoken-jp.com/cyber-hoken. Accessed 19 March
Sakuma, J., Inomata, A.: Proposal for improvement of penetration on investigation and analysis of cyber insurance. Internet Oper. Technol. (IOT) (IPSJ) 9, 1–8 (2019)
Edwards, B., Hofmeyr, S., Forrest, S.: Hype and heavy tails: a closer look at data breaches. J. Cybersecur. 2, 3–14 (2016)
Kokaji, A., Harada, Y., Goto, A.: A consideration of assessment on cyber security in financial institutions. Electron. Intell. Prop. (IPSJ) 1, 1–5 (2019)
Maillart, T., Sornette, D.: Heavy-tailed distribution of cyber-risks. Eur. Phys. J. B 75, 357–364 (2010)
Wheatley, S., Maillart, T., Sornette, T.: The extreme risk of personal data breaches and the erosion of privacy. Eur. Phys. J. B 89, 1–12 (2016)
Eling, M., Loperfido, N.: What are the actual costs of cyber risk events? Eur. J. Oper. Res. 272, 1109–1119 (2019)
Yamada, M., Ikegami, K., Kikuchi, H., Inui, K.: Assessment of the effect of decreasing data breach by the management situation (2). In: Computer Security Symposium (CSS 2018), pp. 376–384 (2018)
Sen, R., Borle, S.: Estimating the contextual risk of data breach: an empirical approach. J. Manage. Inf. Syst. 32, 314–341 (2015)
Eling, M., Loperfido, N.: Data breaches: goodness of fit, pricing, and risk measurement. Insur.: Math. Econ. 75, 126–136 (2017)
Xu, M., Schweitzer, K., Bateman, R., Xu, S.: Modeling and predicting cyber hacking breaches. IEEE Trans. Inf. Forensics Secur. 13, 2856–2871 (2018)
Romanosky, S., Telang, R., Acquisti, A.: Do data breach disclosure laws reduce identify theft? J. Policy Anal. Manage. 30, 256–286 (2011)
Massey Jr., F.: The Kolmogorov-Smirnov test for goodness of fit. J. Am. Stat. Assoc. 46, 68–78 (1951)
Nelder, J.A., Wedderburn, R.W.M.: Generalized linear models. J. Roy. Stat. Soc. Ser. A (Gener.) 135, 370–384 (1972)
CSR DATA: Toyo Keizai Data Services (2017)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Ikegami, K., Kikuchi, H. (2021). Modeling the Risk of Data Breach Incidents at the Firm Level. In: Barolli, L., Poniszewska-Maranda, A., Park, H. (eds) Innovative Mobile and Internet Services in Ubiquitous Computing . IMIS 2020. Advances in Intelligent Systems and Computing, vol 1195. Springer, Cham. https://doi.org/10.1007/978-3-030-50399-4_14
Download citation
DOI: https://doi.org/10.1007/978-3-030-50399-4_14
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-50398-7
Online ISBN: 978-3-030-50399-4
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)