The Impacts of Cyberattacks on Private Firms' Cash Holdings

Gadirova, Nurlana

25 March 2021

This research investigates 202 data breach events occurring between 2015 and 2019 and the related financial effects on the USA's impacted private firms. From examining previous research, it is obvious that no known studies evaluate the financial impacts of cybercrimes on private firms. Prior studies mostly focus on public firms and stock market reactions even though there is the increasing number of cyberattacks on private firms too. This study seeks to fill the gap by providing the empirical evidence of the impacts on those firms' cash holding after experiencing a cybersecurity attack. Overall, the results of this research show if the private firms that have been cyberattacked face the connate aftermath and follow the similar precautions as public firms with data breaches or not. I find that the firms that experienced an attack two years ago increase their cash holdings significantly, while an attack that happened a year ago can only impact cash holdings while interacting with tangibility and ROA of a firm. These results are essential as the private firms draw up a budget and reform strategies for coping with cyber incidents.

cybersecurity

private firms

data breaches

cash holdings

Data Breaches in Healthcare Security Systems

Reddy, Jahnavi

January 2021

No description available.

Computer Science

healthcare

security

autonomic computing

data breaches

malware

hospitals

THREE ESSAYS ON THE ECONOMICS OF INFORMATION SECURITY

Zhang, Leting

January 2022

In recent years, information security has been gaining increasing public attention and has become a high priority for organizations across various industries. Despite the substantial investment in improving security posture, cyber risks continue to escalate as digital transformations are growing rapidly, and new areas of cyber-vulnerability are exposed and exploited. Thus, a critical question for managers, stakeholders, and policymakers is: How to strategically ensure the security of digital assets? To explore the question, my dissertation explores and advances three critical themes in the economics of the information security field. These themes include: 1) unraveling antecedents of risks, 2) determining the optimal level of investment in cybersecurity, and 3) investigating how cybersecurity affects market dynamics. Essay 1 is motivated by security concerns in sharing data across organizations and empirically evaluates the impact of joining a Health Information Exchange (HIE) initiative on a hospital’s data breach risks and corresponding mechanisms. Essay 2 uses a game theoretical model to investigate how to design a cost-effective crowdsourcing solution to help organizations leverage crowds’ wisdom in vulnerability management. Essay 3 examines the role of peer cyber incidents in information asymmetry issues in the financial market and analyze how peer data breaches affect the quality of a firm’s cyber risk disclosure in its financial report. The dissertation sheds light on three crucial factors in information security management: information systems interdependency, innovated cybersecurity solutions, and cyber information asymmetry. / Business Administration/Management Information Systems

Business administration

Information technology

Cybersecurity

Data breaches

Economics

Firm

Organization

A Study of the Effect of Information Security Policies on Information Security Breaches in Higher Education Institutions

Waddell, Stanie Adolphus

01 January 2013

Many articles within the literature point to the information security policy as one of the most important elements of an effective information security program. Even though this belief is continually referred to in many information security scholarly articles, very few research studies have been performed to corroborate this sentiment. Doherty and Fulford undertook two studies in 2003 and in 2005 respectively that sought to catalogue the impact of the information security policy on breaches at businesses in the United Kingdom. The pair went on to call for additional studies in differing industry segments. This dissertation built upon Doherty and Fulford (2005). It sought to add to the body of knowledge by determining the statistical significance of the information security policy on breaches within Higher education. This research was able to corroborate the findings from Doherty and Fulford's original research. There were no observed statistically significant relationships between information security policies and the frequency and severity of information security breaches. This study also made novel contributions to the body of knowledge that included the analysis of the statistical relationships between information security awareness programs and information security breaches. This effort also analyzed the statistical relationships between information security policy enforcement and breaches. The results of the analysis indicated no statistically significant relationships. Additionally, this research observed that while information security policies are heavily utilized by colleges and universities, security awareness training is not heavily employed by institutions of higher education. This research noted that many institutions reported not having consistent enforcement of information security policies. The data observed during this research implies there is room for additional coverage of formal information security awareness programs and potentially a call to attempt alternative training methods to achieve a reduction of the occurrences and impact of security breaches. There is room for greater adoption of consistent enforcement of policy at higher education organizations. The results of this dissertation suggest that the existence of policy, training, and enforcement activities in and of themselves are not enough to sufficiently curtail breaches. Additional studies should be performed to better understand how breaches can be reduced.

Awareness Programs

Colleges and Universities

Information Security

Information Security Policies

Policy Enforcement

Security Breaches

Computer Sciences

Best Practices to Minimize Data Security Breaches for Increased Business Performance

Kongnso, Fedinand Jaiventume

01 January 2015

In the United States, businesses have reported over 2,800 data compromises of an estimated 543 million records, with security breaches costing firms approximately $7.2 million annually. Scholars and industry practitioners have indicated a significant impact of security breaches on consumers and organizations. However, there are limited data on the best practices for minimizing the impact of security breaches on organizational performance. The purpose of this qualitative multicase study was to explore best practices technology leaders use to minimize data security breaches for increased business performance. Systems theory served as the conceptual framework for this study. Fourteen participants were interviewed, including 2 technology executives and 5 technical staff, each from a banking firm in the Northcentral United States and a local government agency in the Southcentral United States. Data from semistructured interviews, in addition to security and privacy policy statements, were analyzed for methodological triangulation. Four major themes emerged: a need for implementation of security awareness education and training to mitigate insider threats, the necessity of consistent organization security policies and procedures, an organizational culture promoting data security awareness, and an organizational commitment to adopt new technologies and innovative processes. The findings may contribute to the body of knowledge regarding best practices technology leaders can use for securing organizational data and contribute to social change since secure organizational data might reduce consumer identity theft.

data breaches

data compromise

data security

information security

security awareness

security breach

Business

Databases and Information Systems

Web authenticity

Sedaghat, Soroush, University of Western Sydney, School of Computing and Information Technology

January 2002

Advancements in web technology such as the integration of operating platforms, the application of mobile applets and connectivity with databases into an encompassing web environment has promoted the development of complex web-based systems for enterprise computing. In this integration the inherent security flaws and associated problems of these technological advancements are also brought together under this web environment. These flaws, when exploited, could lead to system compromises of various kinds including stealing of security sensitive information, system take-over fabrication of fake electronic documents and illegal alteration to web sites contents. Therefore, the successful, prompt and appropriate responses of these complex web-based systems to security threats and breaches, such as in the cases of document tampering and misrepresentation from illegal users, are imperative in promoting the user's willingness and confidence when interacting with these systems. Accordingly, this has become one of the major concerns in development, management and operation of web-based systems. This thesis also studies the authentication of dynamic web contents through the application of a one-time digital signature. To this effect, relevant concepts and possible approaches have been discussed. Authentication and verification of dynamic contents, efficiently in the web environment, is suggested as a separate research area and as a direction for future work. / Master of Science (Honours) Computing

web technology

platform

mobile

security threats

breaches

connectivity

sensitive information

fabrication

illegal

Techniques for Supporting Prediction of Security Breaches in Critical Cloud Infrastructures Using Bayesian Network and Markov Decision Process

January 2015

abstract: Emerging trends in cyber system security breaches in critical cloud infrastructures show that attackers have abundant resources (human and computing power), expertise and support of large organizations and possible foreign governments. In order to greatly improve the protection of critical cloud infrastructures, incorporation of human behavior is needed to predict potential security breaches in critical cloud infrastructures. To achieve such prediction, it is envisioned to develop a probabilistic modeling approach with the capability of accurately capturing system-wide causal relationship among the observed operational behaviors in the critical cloud infrastructure and accurately capturing probabilistic human (users’) behaviors on subsystems as the subsystems are directly interacting with humans. In our conceptual approach, the system-wide causal relationship can be captured by the Bayesian network, and the probabilistic human behavior in the subsystems can be captured by the Markov Decision Processes. The interactions between the dynamically changing state graphs of Markov Decision Processes and the dynamic causal relationships in Bayesian network are key components in such probabilistic modelling applications. In this thesis, two techniques are presented for supporting the above vision to prediction of potential security breaches in critical cloud infrastructures. The first technique is for evaluation of the conformance of the Bayesian network with the multiple MDPs. The second technique is to evaluate the dynamically changing Bayesian network structure for conformance with the rules of the Bayesian network using a graph checker algorithm. A case study and its simulation are presented to show how the two techniques support the specific parts in our conceptual approach to predicting system-wide security breaches in critical cloud infrastructures. / Dissertation/Thesis / Masters Thesis Computer Science 2015

Computer science

Critical cloud infrastructures

predictive defense

probabilistic human behaviors

probabilistic reasoning

security breaches

Intangible Costs of Data Breach Events

Sinanaj, Griselda

17 October 2017

No description available.

330

Data breaches

Abnormal returns

Event study

Corporate reputation

Sentiment analysis

Wirtschaftswissenschaften (PPN621567140)

THE IMPACT OF DATA BREACH ON SUPPLIERS' PERFORMANCE: THE CASE OF TARGET

Tian Qi (8802305)

07 May 2020

The author investigated the condition under which competition effect and contagion effect impact the suppliers of the firm encountering data breach. An event study was conducted to analyze the stock price of 104 suppliers of Target after the large-scale data breach in 2013. The result showed that suppliers with high dependence on Target experienced negative abnormal return on the day after Target’s announcement, while those with low dependence experienced positive abnormal return. After regressing the abnormal return on some explanatory variables, the result showed that firms with better operational performance and high information technology capability were less negatively affected. This study suggested that suppliers who relatively highly rely on one customer company are susceptible for the negative shock from that customer because of contagion effect. Furthermore, maintaining good performance and investing in information technology can help firms reduce losses from negative events happened in customer companies.

Logistics and Supply Chain Management

data breaches

Event Study

supply chain network

When we see something that is well beyond our understanding : The duty of States to investigate war crimes and how it applies to autonomous weapons systems

Palmcrantz, Conrad

January 2019

This thesis analyses States’ duty to investigate grave breaches of humanitarian law and how it applies to deep reinforcement learning autonomous weapons. It identifies basic technologic intricacies related to deep reinforcement learning and discusses what issues may arise if such software is used in weapons systems. The thesis applies a legal doctrinal method to study how the technology could frustrate the grave breaches regime and hamper States’ ability to investigate suspected incidents. Furthermore, investigative standards under humanitarian law and human rights law are examined in the context of autonomous weapons systems.  The main argument is that deep reinforcement learning algorithms create a black box that is virtually impossible to investigate and consequently causes accountability issues.

lethal autonomous weapons

machine learning

grave breaches

accountability

command responsibility

Law (excluding Law and Society)