Best Security Measures to Reduce Cyber-Incident and Data Breach Risks

Hiroaki Kikuchi; Michihiro Yamada; Kazuki Ikegami; Koji Inui

doi:10.1007/978-3-030-93944-1_1

Best Security Measures to Reduce Cyber-Incident and Data Breach Risks

Hiroaki Kikuchi, Michihiro Yamada, Kazuki Ikegami, Koji Inui

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Corporations plan to adopt appropriate combinations of data privacy managements to mitigate the risk of data breach. Examples of such well-established measures include the certification of an information security management system, a periodic security auditing, and dedicated positions such as a Chief Information Officer (CIO). However, the effectiveness of introducing each of these measures to reduce the risk of data breach is unclear. To assess the effective risk reduction, this work combines the big data of cyber incidents with the attributes of corporations and computes the relative risk with respect to these security measures. Our analysis of five-year data from about 6,000 corporations reveals a negative effect for most measures. The results must be biased by industry characteristics associated with the risk of cyber incidents such as business style and company scale, which are known confounding factors. After investigating company attributes individually, we identify the significant confounding factors that represent obstacles to risk analysis. Using hypothesis testing and multiple logistic regression analysis, we adjust odds ratios for 17 security measures, social responsibilities, environmental conditions, and employment arrangements. The results confirm that an environmental auditing reduces the risk by one-third at a statistically significant level.

Original language	English
Title of host publication	Data Privacy Management, Cryptocurrencies and Blockchain Technology - ESORICS 2021 International Workshops, DPM 2021 and CBT 2021, Revised Selected Papers
Editors	Joaquin Garcia-Alfaro, Jose Luis Muñoz-Tapia, Guillermo Navarro-Arribas, Miguel Soriano
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	3-19
Number of pages	17
ISBN (Print)	9783030939434
DOIs	https://doi.org/10.1007/978-3-030-93944-1_1
Publication status	Published - 2022
Event	16th International Workshop on Data Privacy Management, DPM 2021, and 5th International Workshop on Cryptocurrencies and Blockchain Technology, CBT 2021 held in conjunction with ESORICS 2021 - Virtual, Online Duration: 8 Oct 2021 → 8 Oct 2021

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	13140 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	16th International Workshop on Data Privacy Management, DPM 2021, and 5th International Workshop on Cryptocurrencies and Blockchain Technology, CBT 2021 held in conjunction with ESORICS 2021
City	Virtual, Online
Period	8/10/21 → 8/10/21

Access to Document

10.1007/978-3-030-93944-1_1

Cite this

Kikuchi, H., Yamada, M., Ikegami, K., & Inui, K. (2022). Best Security Measures to Reduce Cyber-Incident and Data Breach Risks. In J. Garcia-Alfaro, J. L. Muñoz-Tapia, G. Navarro-Arribas, & M. Soriano (Eds.), Data Privacy Management, Cryptocurrencies and Blockchain Technology - ESORICS 2021 International Workshops, DPM 2021 and CBT 2021, Revised Selected Papers (pp. 3-19). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13140 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-030-93944-1_1

Kikuchi, Hiroaki ; Yamada, Michihiro ; Ikegami, Kazuki ; Inui, Koji. / Best Security Measures to Reduce Cyber-Incident and Data Breach Risks. Data Privacy Management, Cryptocurrencies and Blockchain Technology - ESORICS 2021 International Workshops, DPM 2021 and CBT 2021, Revised Selected Papers. editor / Joaquin Garcia-Alfaro ; Jose Luis Muñoz-Tapia ; Guillermo Navarro-Arribas ; Miguel Soriano. Springer Science and Business Media Deutschland GmbH, 2022. pp. 3-19 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{6e0aac2cae1546388ca9d368ae7d641c,

title = "Best Security Measures to Reduce Cyber-Incident and Data Breach Risks",

abstract = "Corporations plan to adopt appropriate combinations of data privacy managements to mitigate the risk of data breach. Examples of such well-established measures include the certification of an information security management system, a periodic security auditing, and dedicated positions such as a Chief Information Officer (CIO). However, the effectiveness of introducing each of these measures to reduce the risk of data breach is unclear. To assess the effective risk reduction, this work combines the big data of cyber incidents with the attributes of corporations and computes the relative risk with respect to these security measures. Our analysis of five-year data from about 6,000 corporations reveals a negative effect for most measures. The results must be biased by industry characteristics associated with the risk of cyber incidents such as business style and company scale, which are known confounding factors. After investigating company attributes individually, we identify the significant confounding factors that represent obstacles to risk analysis. Using hypothesis testing and multiple logistic regression analysis, we adjust odds ratios for 17 security measures, social responsibilities, environmental conditions, and employment arrangements. The results confirm that an environmental auditing reduces the risk by one-third at a statistically significant level.",

author = "Hiroaki Kikuchi and Michihiro Yamada and Kazuki Ikegami and Koji Inui",

note = "Funding Information: Acknowledgments. We thank the Japan Network Security Association for the cyber-security incident dataset. This work was supported by SPS KAKENHI, Grant Numbers JP16K03755 and JP18H04099. Funding Information: We thank the Japan Network Security Association for the cybersecurity incident dataset. This work was supported by SPS KAKENHI, Grant Numbers JP16K03755 and JP18H04099. Publisher Copyright: {\textcopyright} 2022, Springer Nature Switzerland AG.; 16th International Workshop on Data Privacy Management, DPM 2021, and 5th International Workshop on Cryptocurrencies and Blockchain Technology, CBT 2021 held in conjunction with ESORICS 2021 ; Conference date: 08-10-2021 Through 08-10-2021",

year = "2022",

doi = "10.1007/978-3-030-93944-1_1",

language = "English",

isbn = "9783030939434",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "3--19",

editor = "Joaquin Garcia-Alfaro and Mu{\~n}oz-Tapia, {Jose Luis} and Guillermo Navarro-Arribas and Miguel Soriano",

booktitle = "Data Privacy Management, Cryptocurrencies and Blockchain Technology - ESORICS 2021 International Workshops, DPM 2021 and CBT 2021, Revised Selected Papers",

}

Kikuchi, H, Yamada, M, Ikegami, K & Inui, K 2022, Best Security Measures to Reduce Cyber-Incident and Data Breach Risks. in J Garcia-Alfaro, JL Muñoz-Tapia, G Navarro-Arribas & M Soriano (eds), Data Privacy Management, Cryptocurrencies and Blockchain Technology - ESORICS 2021 International Workshops, DPM 2021 and CBT 2021, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 13140 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 3-19, 16th International Workshop on Data Privacy Management, DPM 2021, and 5th International Workshop on Cryptocurrencies and Blockchain Technology, CBT 2021 held in conjunction with ESORICS 2021, Virtual, Online, 8/10/21. https://doi.org/10.1007/978-3-030-93944-1_1

Best Security Measures to Reduce Cyber-Incident and Data Breach Risks. / Kikuchi, Hiroaki; Yamada, Michihiro; Ikegami, Kazuki; Inui, Koji.

Data Privacy Management, Cryptocurrencies and Blockchain Technology - ESORICS 2021 International Workshops, DPM 2021 and CBT 2021, Revised Selected Papers. ed. / Joaquin Garcia-Alfaro; Jose Luis Muñoz-Tapia; Guillermo Navarro-Arribas; Miguel Soriano. Springer Science and Business Media Deutschland GmbH, 2022. p. 3-19 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13140 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Best Security Measures to Reduce Cyber-Incident and Data Breach Risks

AU - Kikuchi, Hiroaki

AU - Yamada, Michihiro

AU - Ikegami, Kazuki

AU - Inui, Koji

N1 - Funding Information: Acknowledgments. We thank the Japan Network Security Association for the cyber-security incident dataset. This work was supported by SPS KAKENHI, Grant Numbers JP16K03755 and JP18H04099. Funding Information: We thank the Japan Network Security Association for the cybersecurity incident dataset. This work was supported by SPS KAKENHI, Grant Numbers JP16K03755 and JP18H04099. Publisher Copyright: © 2022, Springer Nature Switzerland AG.

PY - 2022

Y1 - 2022

N2 - Corporations plan to adopt appropriate combinations of data privacy managements to mitigate the risk of data breach. Examples of such well-established measures include the certification of an information security management system, a periodic security auditing, and dedicated positions such as a Chief Information Officer (CIO). However, the effectiveness of introducing each of these measures to reduce the risk of data breach is unclear. To assess the effective risk reduction, this work combines the big data of cyber incidents with the attributes of corporations and computes the relative risk with respect to these security measures. Our analysis of five-year data from about 6,000 corporations reveals a negative effect for most measures. The results must be biased by industry characteristics associated with the risk of cyber incidents such as business style and company scale, which are known confounding factors. After investigating company attributes individually, we identify the significant confounding factors that represent obstacles to risk analysis. Using hypothesis testing and multiple logistic regression analysis, we adjust odds ratios for 17 security measures, social responsibilities, environmental conditions, and employment arrangements. The results confirm that an environmental auditing reduces the risk by one-third at a statistically significant level.

AB - Corporations plan to adopt appropriate combinations of data privacy managements to mitigate the risk of data breach. Examples of such well-established measures include the certification of an information security management system, a periodic security auditing, and dedicated positions such as a Chief Information Officer (CIO). However, the effectiveness of introducing each of these measures to reduce the risk of data breach is unclear. To assess the effective risk reduction, this work combines the big data of cyber incidents with the attributes of corporations and computes the relative risk with respect to these security measures. Our analysis of five-year data from about 6,000 corporations reveals a negative effect for most measures. The results must be biased by industry characteristics associated with the risk of cyber incidents such as business style and company scale, which are known confounding factors. After investigating company attributes individually, we identify the significant confounding factors that represent obstacles to risk analysis. Using hypothesis testing and multiple logistic regression analysis, we adjust odds ratios for 17 security measures, social responsibilities, environmental conditions, and employment arrangements. The results confirm that an environmental auditing reduces the risk by one-third at a statistically significant level.

UR - http://www.scopus.com/inward/record.url?scp=85124651112&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-93944-1_1

DO - 10.1007/978-3-030-93944-1_1

M3 - Conference contribution

AN - SCOPUS:85124651112

SN - 9783030939434

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 3

EP - 19

BT - Data Privacy Management, Cryptocurrencies and Blockchain Technology - ESORICS 2021 International Workshops, DPM 2021 and CBT 2021, Revised Selected Papers

A2 - Garcia-Alfaro, Joaquin

A2 - Muñoz-Tapia, Jose Luis

A2 - Navarro-Arribas, Guillermo

A2 - Soriano, Miguel

PB - Springer Science and Business Media Deutschland GmbH

T2 - 16th International Workshop on Data Privacy Management, DPM 2021, and 5th International Workshop on Cryptocurrencies and Blockchain Technology, CBT 2021 held in conjunction with ESORICS 2021

Y2 - 8 October 2021 through 8 October 2021

ER -

Kikuchi H, Yamada M, Ikegami K, Inui K. Best Security Measures to Reduce Cyber-Incident and Data Breach Risks. In Garcia-Alfaro J, Muñoz-Tapia JL, Navarro-Arribas G, Soriano M, editors, Data Privacy Management, Cryptocurrencies and Blockchain Technology - ESORICS 2021 International Workshops, DPM 2021 and CBT 2021, Revised Selected Papers. Springer Science and Business Media Deutschland GmbH. 2022. p. 3-19. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-030-93944-1_1

Best Security Measures to Reduce Cyber-Incident and Data Breach Risks

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this