Abstract
Data breaches have become one of the biggest problems for organizations, costing an average of $7.2 million per breach (Symantec, 2011). Previous research on data breaches has focused on: (i) reducing the possibility of data breach by addressing employee compliance behavior, and (ii) understanding the impact of data breaches on organizations. We extended this research by content analyzing 2633 unique data breaches that resulted in loss of more than 500 million individual records. Our results indicate that data breaches continue to be a major issue for organizations. The results imply that the nature of the data breaches is changing. Data breaches are typically associated with hacking - however, our results indicate that breaches due to hacking are decreasing, whereas breaches due to ‘human element’ are increasing. One disconcerting result from our analysis is that data breaches that can be directly attributed to implementation and enforcement of security policies account for a major share. Collectively, the results indicate that organizations need to implement effective training and stricter enforcement of security policies.
Additional information
Notes on contributors
Ramakrishna Ayyagari
Ramakrishna Ayyagari is an Assistant Professor in Information Systems at the University of Massachusetts at Boston. He earned his doctorate in management from Clemson University. His work has been published or forthcoming in outlets such as MIS Quarterly, European Journal of Information Systems, Journal of the AIS, Decision Sciences, and the proceedings of various conferences.