Cloud computing data breaches: A review of U.S. regulation and data breach notification literature

Author(s):  
David Kolevski ◽  
Katina Michael ◽  
Roba Abbas ◽  
Mark Freeman
Author(s):  
Amavey Tamunobarafiri ◽  
Shaun Aghili ◽  
Sergey Butakov

Cloud computing has been massively adopted in healthcare, where it attracts economic, operational, and functional advantages beneficial to insurance providers. However, according to Identity Theft Resource Centre, over twenty-five percent of data breaches in the US targeted healthcare. The HIPAA Journal reported an increase in healthcare data breaches in the US in 2016, exposing over 16 million health records. The growing incidents of cyberattacks in healthcare are compelling insurance providers to implement mitigating controls. Addressing data security and privacy issues before cloud adoption protects from monetary and reputation losses. This article provides an assessment tool for health insurance providers when adopting cloud vendor solutions. The final deliverable is a proposed framework derived from prominent cloud computing and governance sources, such as the Cloud Security Alliance, Cloud Control Matrix (CSA, CCM) v 3.0.1 and COBIT 5 Cloud Assurance.


2021 ◽  
Author(s):  
Kwabena Boasiako

This thesis is composed of three self-contained empirical essays in corporate finance, with the first two exploring the financial policy and credit risk implications of data breaches, and the third examining whether financing influences the sensitivity of cash and investment to asset tangibility. In the first essay, we contribute to the growing debate on cybersecurity risks and how firms can insulate themselves, at least partially, from the adverse effects of data breach risks. Specifically, we examine the effects of data breach disclosure laws and the subsequent disclosure of data breaches on the cash policies of corporations in the United States (U.S.). Exploiting a series of natural experiments regarding staggered state-level data breach disclosure laws, we find that the passage of mandatory disclosure laws leads to an increase in cash holdings. Our finding suggests that mandatory data breach disclosure laws increase the ex ante risks related to data breaches, hence, firms hold on to more cash as a precautionary motive. Further, we find firms that suffer data breaches adjust their financial policies by holding more cash as well as decreasing external finance and investment.

The second essay examines the impact of data breaches on firm credit risk. Using firm-level credit ratings and credit default swap (CDS) spreads to proxy for credit risk, we find that data breaches lead to increases in firm credit risk. Firms exposed to data breaches are more likely to experience credit rating downgrades and an increase in the CDS spread of traded bonds. Also, firms who suffer data breaches report lower sales and ROA, experience an increase in financial distress, and conditional on a data breach incident, the likelihood of a future data breach increases. Lastly, these effects are magnified for firms with low-interest coverage ratios.

In the third essay, using the financial deregulation of seasoned equity issuance in the U.S. as an exogenous shock to access to equity markets, I investigate the influence of financing on the sensitivity of cash and investment to asset tangibility. I show that financing dampens the sensitivity of cash and investment to asset tangibility and promotes investment and firm growth. This provides evidence that public firms even in well-developed financial markets such as the U.S., benefit from financial deregulation that removes barriers to external equity financing, shedding light on the role of financial markets in fostering growth.


Data security is the most predominant measure that should be followed in any organization to prevent uncertified access to user’s data. A data breach is a security event in which sensitive data is viewed, transmitted, stolen or used by an unauthorized individual. A number of breaches include compromised password files which reveal the passwords of millions of users in an organization. The paper is intended to identify such password breaches through honey encryption technique. Using the concept of honey words, each user has a list of sweet words corresponding to their account, out of which only one is original password and remaining are fake passwords. During Honey Encryption, Distribution-transforming encoder (DTE) is applied on the password to acquire the seed space which is then encrypted by using secret key. The proposed model can be efficiently implemented in cloud applications to highly reduce cloud data breaches.


Author(s):  
Kristin Masuch ◽  
Maike Greve ◽  
Simon Trang

Innovative IT-enabled health services promise tremendous benefits for customers and service providers alike. Simultaneously, health services by nature process sensitive customer information, and data breaches have become an everyday phenomenon. The challenge that health service providers face is to find effective recovery strategies after data breaches to retain customer trust and loyalty. We theorize and investigate how two widely applied recovery actions (namely apology and compensation) affect customer reactions after a data breach in the specific context of fitness trackers. Drawing on expectation confirmation theory, we argue that the recovery actions derived from practice, apology, and compensation address the assimilation-contrast model’s tolerance range and, thus, always lead to satisfaction with the recovery strategy, which positively influences customers’ behavior. We employ an experimental investigation and collect data from fitness tracker users during a running event. In the end, we found substantial support for our research model. Health service providers should determine specific customer expectations and align their data breach recovery strategies accordingly.


Author(s):  
Y. V. Sai Bharadwaj ◽  
Sai Bhageerath Y. V ◽  
Y.V.S.S.S.V. Prasada Rao

Cybercrime continues to surge without a slowdown in sight. The cyber security threat continues to worsen. In the first half of 2018, the number of cyber breaches soared over 140% from a year earlier, leading to 33 billion compromised data records worldwide. Cyber Security news such as Marriott hack in Nov 2018 is dominating headlines and becoming a serious headache for business leaders. Malicious outsiders sparked more than half of the 944 breaches and accounted for roughly 80% of stolen, compromised or lost records. Identity theft continues to lead data breach types, but financial access incidents are escalating in severity as well. The United States continues to be the favorite target, and data breaches at major US enterprises continue to grab the headlines. In 2018, the most notable breaches have occurred at Adidas, FedEx, Jason’s Deli, Macy’s, Under Armour, Nordstrom’s and the most popular Facebook [1].


2021 ◽  
pp. 109467052110369
Author(s):  
Shahin Rasoulian ◽  
Yany Grégoire ◽  
Renaud Legoux ◽  
Sylvain Sénécal

Building on the literatures on service failure and crisis seriousness, we develop a framework to understand the effects of a specific type of service crisis (i.e., data breaches) and organizational recovery resources on the reactions of the stock market. To do so, we conduct an event study analysis with a sample of 217 data breach announcements, as our empirical context. Our analyses reveal that a firm suffers from negative abnormal stock returns when either the outcome of the breach (e.g., the breach of financial data) or its causal process (e.g., hacker attack) indicates a high level of seriousness. Moreover, considering organizational recovery resources, we find that in the case of financial data breaches, age, size, profitability, liquidity, and brand familiarity are the primary resources that can help a firm’s recovery. For hacker attacks, these organizational recovery resources include size, profitability, and liquidity.


2021 ◽  
Vol 3 (1) ◽  
pp. 58-64
Author(s):  
Young B. Choi

Data breaches are events that have concluded in the compromise of personally identifiable information (PII) for millions of people globally. The consequences of such events can only result in certain serious outcomes, including identity theft. Such perilous outcomes highlight the importance of organizational entities accurately safeguarding and preserving the PII gathered from stakeholders or consumers. The user data breaches of Facebook, Equifax, and Uber concluded in the compromise of PII data for millions of consumers and employees, which are the most critical aspects that comprise any organizational infrastructure. This paper will examine the events leading to and transpiring after the data breaches of Facebook, Equifax, and Uber. In addition, the collective impact on every organization and its various incident management procedures will be addressed.


2019 ◽  
pp. 497-513
Author(s):  
Ivan D. Burke ◽  
Renier P. van Heerden

Data breaches are becoming more common and numerous every day, where huge amounts of data (corporate and personal) are leaked more frequently than ever. Corporate responses to data breaches are insufficient, when commonly remediation is minimal. This research proposes that a similar approach to physical pollution (environmental pollution) can be used to map and identify data leaks as Cyber pollution. Thus, IT institutions should be made aware of their contribution to Cyber pollution in a more measurable method. This article defines the concept of cyber pollution as: security vulnerable (such as unmaintained or obsolete) devices that are visible through the Internet and corporate networks. This paper analyses the recent state of data breach disclosures worldwide by providing statistics on significant scale data breach disclosures from 2014/01 to 2016/12. Ivan Burke and Renier van Heerden model security threat levels similar to that of pollution breaches within the physical environment. Insignificant security openings or vulnerabilities can lead to massive exploitation of entire systems. By modelling these breaches as pollution, the aim is to introduce the concept of cyber pollution. Cyber pollution is a more tangible concept for IT managers to relay to staff and senior management. Using anonymised corporate network traffic with Open Source penetration testing software, the model is validated.

