Date of Award
Summer 8-2020
Document Type
Dissertation
Degree Name
Doctor of Philosophy (PhD)
Department
Engineering Management & Systems Engineering
Program/Concentration
Engineering Management and Systems Engineering
Committee Director
C. Ariel Pinto
Committee Member
Steven Cotter
Committee Member
Michael McShane
Abstract
Cyber-systems provide convenience, ubiquity, economic advantage, and higher efficiency to both individuals and organizations. However, vulnerabilities of the cyber domain also offer malicious actors with the opportunities to compromise the most sensitive information. Recent cybersecurity incidents show that a group of hackers can cause a massive data breach, resulting in companies losing competitive advantage, reputation, and money. Governments have since taken some actions in protecting individuals and companies from such crime by authorizing federal agencies and developing regulations. To protect the public from losing their most sensitive records, governments have also been compelling companies to follow cybersecurity regulations. If companies are unsuccessfully protecting their customers' records, they are levied by the government agencies. Companies also may face litigation from individuals after the breach. If the company is a public company, then it must provide more details about the incident.
Data breach incidents are one of the significant concerns that organizations have been experiencing for a while. Quantifying the data breach risk into monetary language is a problem that organizations still try to solve due to the unavailability of the data and indirect costs. The cost incurred by personally identifiable information (PII) data breaches may even exceed one billion dollars. Therefore, the monetary cost of a PII data breach is an essential phenomenon that organizations need to forecast and be prepared to mitigate the impact.
The purpose of this study is to identify the correlation between the dependent and independent variables and to develop a predictive model to quantify the monetary value of the PII data breaches with multiple regression.
This study introduces two new categories for personal information; these are PII and sensitive PII. This new taxonomy accentuates the impact of sensitive information, which is more costly than not sensitive personal information. Next, this study also presents significant results that demonstrate the correlations between revenue, PII, SPII, and class-action lawsuits, and the dependent variable, which is the total cost of the data breach. Also, specific models developed in this study are able to predict the responses for new observations.
DOI
10.25777/6rm3-4v25
Recommended Citation
Poyraz, Omer I..
"Cyber-Assets at Risk (CAR): Monetary Impact of Personally Identifiable Information Data Breaches on Companies"
(2020). Doctor of Philosophy (PhD), Dissertation, Engineering Management & Systems Engineering, Old Dominion University, DOI: 10.25777/6rm3-4v25
https://digitalcommons.odu.edu/emse_etds/177
ORCID
0000-0002-9059-517X
Included in
Business Administration, Management, and Operations Commons, Information Security Commons, Systems Engineering Commons