It’s not my fault: The transfer of information security breach information

Tawei Wang, Yen Yao Wang, Ju Chun Yen

Research output: Contribution to journalArticlepeer-review

8 Scopus citations

Abstract

This article investigates the transfer of information security breach information between breached firms and their peers. Using a large data set of information security incidents from 2003 to 2013, the results suggest that 1) the effect of information security breach information transfer exists between breached firms and non-breached firms that offer similar products and 2) the effect of information transfer is weaker when the information security breach is due to internal faults or is related to the loss of personally identifiable information. Additional tests demonstrate that the effect of information transfer exhibits consistent patterns across time and with different types of information security breaches. Finally, the effect does not depend on whether the firms are IT intensive. Implications, limitations, and future research are discussed.

Original languageEnglish
Pages (from-to)18-37
Number of pages20
JournalJournal of Database Management
Volume30
Issue number3
DOIs
StatePublished - 1 Jul 2019

Keywords

  • Information security breach
  • Information transfer
  • PII
  • Personally identifiable information
  • Product similarity

Fingerprint

Dive into the research topics of 'It’s not my fault: The transfer of information security breach information'. Together they form a unique fingerprint.

Cite this