Shadow IT Behavior of Financial Executives in Germany and Italy as an Antecedent to Internal Data Security Breaches

Data security breaches are an increasingly common problem for organizations, yet there are critical gaps in our understanding of how different stakeholders understand and evaluate organizations that have experienced these kinds of security breaches. While organizations have developed relatively standard approaches to responding to security breaches that: (1) acknowledge the situation; (2) highlight how much they value their stakeholders’ privacy and private information; and (3) focus on correcting and preventing the problem in the future, the effectiveness of this response strategy and factors influencing it have not been adequately explored. This experiment focuses on a 2 (type of organization) x 2 (prior knowledge of breach risk) with a control group design. Findings suggest that perceptions of competence is the most important factor influencing outcome variables like behavioral intention and social responsibility evaluations.

Download Full-text

Protecting Consumer Privacy and Data Security: Regulatory Challenges and Potential Future Directions

Federal Law Review ◽

10.1177/0067205x1704500104 ◽

2017 ◽

Vol 45 (1) ◽

pp. 65-95 ◽

Cited By ~ 2

Author(s):

Stephen Corones ◽

Juliet Davis

Keyword(s):

United States ◽

Data Security ◽

The United States ◽

Online Privacy ◽

Criminal Proceedings ◽

Consumer Privacy ◽

Security Breaches ◽

Consumer Law ◽

Privacy Act ◽

Legal Obligations

This article considers the regulatory problems of online tracking behaviour, lack of consent to data collection, and the security of data collected with or without consent. Since the mid-1990s the United States Federal Trade Commission has been using its power under the United States consumer protection regime to regulate these problems. The Australian Competition and Consumer Commission (ACCC), on the other hand, has yet to bring civil or criminal proceedings for online privacy or data security breaches, which indicates a reluctance to employ the Australian Consumer Law (‘ACL’) in this field.1 Recent legislative action instead points to a greater application of the specifically targeted laws under the Privacy Act 1988 (Cth) (‘Privacy Act’), and the powers of the Office of the Australian Information Commissioner (OAIC), to protect consumer privacy and data security. This article contends that while specific legislation setting out, and publicly enforcing, businesses’ legal obligations with respect to online privacy and data protection is an appropriate regulatory response, the ACL's broad, general protections and public and/or private enforcement mechanisms also have a role to play in protecting consumer privacy and data security.

Download Full-text

Earnings Management in Firms with Data Security Breaches

Journal of Information Systems ◽

10.2308/isys-52480 ◽

2019 ◽

Vol 33 (3) ◽

pp. 267-284 ◽

Cited By ~ 1

Author(s):

Howard Xu ◽

Savannah (Yuanyaun) Guo ◽

Jacob Z. Haislip ◽

Robert E. Pinsker

Keyword(s):

Earnings Management ◽

Data Security ◽

Data Availability ◽

Real Earnings Management ◽

Matched Sample ◽

Analyst Coverage ◽

Subsequent Performance ◽

Security Breaches ◽

External Monitoring ◽

The Cost

ABSTRACT Anecdotal research suggests that management is concerned about how Data Security Breaches (DSBs) impact a firm's financial performance. We investigate: whether managers in DSB firms manipulate earnings through real earnings management (REM) and/or accrual-based earnings management (AEM); how breach type, disclosure delay, and external monitoring impact earnings management activities; and how earnings management activities influence a DSB firm's performance. Using a propensity score matched sample, results suggest that DSB firms are more likely to manipulate earnings via REM, but not AEM. Additionally, we find that DSB firms engage in REM through cutting discretionary expenses, decreasing discretionary cash spending, and reducing the cost of goods sold through overproduction. We find some evidence that firms are more likely to increase REM when DSBs involve financial information or when firms delay the DSB disclosure or have low analyst coverage. We provide evidence that REM activities lead to lower subsequent performance in DSB firms. Data Availability: The data used are publicly available from the sources cited in the text.

Download Full-text

Data Security Breaches and Privacy in Europe

10.1007/978-1-4471-5586-7 ◽

2013 ◽

Cited By ~ 1

Author(s):

Rebecca Wong

Keyword(s):

Data Security ◽

Security Breaches

Download Full-text

Towards Mitigating Uncertainty of Data Security Breaches and Collusion in Cloud Computing

2017 28th International Workshop on Database and Expert Systems Applications (DEXA) ◽

10.1109/dexa.2017.44 ◽

2017 ◽

Cited By ~ 9

Author(s):

Andrei Tchernykh ◽

Mikhail Babenko ◽

Nikolay Chervyakov ◽

Jorge M. Cortes-Mendoza ◽

Nikolay Kucherov ◽

...

Keyword(s):

Cloud Computing ◽

Data Security ◽

Security Breaches

Download Full-text

Market Price Effects of Data Security Breaches

Information Security Journal A Global Perspective ◽

10.1080/19393555.2011.611860 ◽

2011 ◽

Vol 20 (6) ◽

pp. 263-273 ◽

Cited By ~ 4

Author(s):

Edward A. Morse ◽

Vasant Raval ◽

John R. Wingender

Keyword(s):

Data Security ◽

Market Price ◽

Security Breaches ◽

Price Effects

Download Full-text

Breaching intellectual capital: critical reflections on Big Data security

Meditari Accountancy Research ◽

10.1108/medar-06-2017-0154 ◽

2018 ◽

Vol 26 (3) ◽

pp. 463-482 ◽

Cited By ~ 11

Author(s):

Matteo La Torre ◽

John Dumay ◽

Michele Antonio Rea

Keyword(s):

Big Data ◽

Intellectual Capital ◽

Data Security ◽

Economic Value ◽

Public Information ◽

Dark Side ◽

Content Type ◽

Security Breaches ◽

Managerial Implications ◽

New Research

PurposeReflecting on Big Data’s assumed benefits, this study aims to identify the risks and challenges of data security underpinning Big Data’s socio-economic value and intellectual capital (IC).Design/methodology/approachThe study reviews academic literature, professional documents and public information to provide insights, critique and projections for IC and Big Data research and practice.FindingsThe “voracity” for data represents a further “V” of Big Data, which results in a continuous hunt for data beyond legal and ethical boundaries. Cybercrimes, data security breaches and privacy violations reflect voracity and represent the dark side of the Big Data ecosystem. Losing the confidentiality, integrity or availability of data because of a data security breach poses threat to IC and value creation. Thus, cyberthreats compromise the social value of Big Data, impacting on stakeholders’ and society’s interests.Research limitations/implicationsBecause of the interpretative nature of this study, other researchers may not draw the same conclusions from the evidence provided. It leaves some open questions for a wide research agenda about the societal, ethical and managerial implications of Big Data.Originality/valueThis paper introduces the risks of data security and the challenges of Big Data to stimulate new research paths for IC and accounting research.

Download Full-text

Penetration Tools To Prevent Organizational Data Security Breaches

10.15405/epsbs.2019.12.03.27 ◽

2019 ◽

Author(s):

Onurhan Yılmaz

Keyword(s):

Data Security ◽

Security Breaches

Download Full-text

Building crisis capacity with data breaches: the role of stakeholder relationship management and strategic communication

Corporate Communications An International Journal ◽

10.1108/ccij-02-2021-0024 ◽

2021 ◽

Vol ahead-of-print (ahead-of-print) ◽

Author(s):

Audra Diers-Lawson ◽

Amelia Symons ◽

Cheng Zeng

Keyword(s):

Data Security ◽

Crisis Communication ◽

Relationship Management ◽

Crisis Response ◽

Response Strategy ◽

Content Type ◽

Typical Response ◽

Data Breaches ◽

Security Breaches

PurposeData security breaches are an increasingly common and costly problem for organizations, yet there are critical gaps in our understanding of the role of stakeholder relationship management and crisis communication in relation to data breaches. In fact, though there have been some studies focusing on data breaches, little is known about what might constitute a “typical” response to data breaches whether those responses are effective at maintaining the stakeholders' relationship with the organization, their commitment to use the organization after the crisis, or the reputational threat of the crisis. Further, even less is known about the factors most influencing response and outcome evaluation during data breaches.Design/methodology/approachWe identify a “typical” response strategy to data breaches and then evaluate the role of this response in comparison to situation, stakeholder demographics and relationships between stakeholders, the issue and the organization using an experimental design. This experiment focuses on a 2 (type of organization) × 2 (prior knowledge of breach risk) with a control group design.FindingsFindings suggest that rather than employing reactive crisis response messaging the role of public relations should focus on proactive relationship building between organizations and key stakeholders.Originality/valueFor the last several decades much of the field of crisis communication has assumed that in the context of a crisis the response strategy itself would materially help the organization. These data suggest that the field crisis communication may have been making the wrong assumption. In fact, these data suggest that reactive crisis response has little-to-no effect once we consider the relationships between organizations, the issue and stakeholders. The findings show that an ongoing program of crisis capacity building is to an organization's strategic advantage when data security breaches occur.

Download Full-text