Cyber-Assets at Risk (CAR): The Cost of Personally Identifiable Information Data Breaches

Authors

Omer Ilker Poyraz, Old Dominion UniversityFollow
Sarah Bouazzaoui, Old Dominion UniversityFollow
Omer Keskin, Old Dominion UniversityFollow
Michael McShane, Old Dominion UniversityFollow
Ariel Pinto, Old Dominion UniversityFollow

Document Type

Conference Paper

Publication Date

2020

DOI

10.34190/ICCWS.20.066

Publication Title

Proceedings of the 15th International Conference on Cyber Warfare and Security

Pages

402-410

Conference Name

15th International Conference on Cyber Warfare and Security, Norfolk, Virginia, March 12-13, 2020

Abstract

Severe financial consequences of data breaches enforce organizations to reconsider their cybersecurity investment. Although attack frequency and trends seem similar per industry, the impact of a data breach may exponentially increase depending on the type of information and the amount of the stolen data. Also, governments develop and improve laws and regulations to protect the privacy of individuals. Therefore, a failure of data security may yield severe penalties and class-action lawsuits, which can significantly increase the expenses than before. The monetary impact of a data breach is a new field of study that requires more sophisticated research and analysis. There are very few studies that quantify the monetary value of data breaches, which are based on the number of affected people or the number of stolen records. This study proposes a new methodology to quantify the monetary value of the data breaches by categorizing information as personally identifiable information (PII) and sensitive personally identifiable information (SPII). Our findings indicate that the categorization of the stolen information has more relation than solely the number of affected people or the number of stolen records. Also, SPII data breaches have more class-action lawsuits, which yield higher costs than PII data breaches.

Comments

This is the author's version of a work that was published in Proceedings of the 15th International Conference on Cyber Warfare and Security.

© 2020 The Authors.

Original Publication Citation

Poyraz, O. I., Pinto, C. A., Bouazzaoui, S., Keskin, O., & McShane, M. (2020). Cyber-assets at risk (CAR): The cost of personally identifiable information data breaches. 15th International Conference on Cyber Warfare and Security, Norfolk, Virginia, March 12-13, 2020.

Repository Citation

Poyraz, Omer Ilker; Bouazzaoui, Sarah; Keskin, Omer; McShane, Michael; and Pinto, Ariel, "Cyber-Assets at Risk (CAR): The Cost of Personally Identifiable Information Data Breaches" (2020). Engineering Management & Systems Engineering Faculty Publications. 49.
https://digitalcommons.odu.edu/emse_fac_pubs/49