TY - GEN
T1 - Modeling the risk of data breach incidents at the firm level
AU - Ikegami, Kazuki
AU - Kikuchi, Hiroaki
PY - 2021
Y1 - 2021
N2 - Many firms and organizations are at risk of cyberattack nowadays. For example, in 2018 alone, 443 data breaches in Japan compromised some 5.61 million records of personal information. To respond to this threat, firms assess their cybersecurity risk and introduce IT security management practices. However, it is unclear whether firms are able to identify the tradeoff between the effect of developing IT security practices and the risk of a data breach. To address this, we propose a probabilistic model that estimates the risk of a data breach for a given firm using the Japan Network Security Association incident dataset, a historical collection of cyber incidents from 2005 to 2018. This model yields the conditional probabilities of a data breach given conditions, which follows a negative binomial distribution. We highlight the difference in inter-arrival time between firms with security management and those without it. Based on the experimental results, we evaluate the effects of security management and discuss some reasons for these differences.
AB - Many firms and organizations are at risk of cyberattack nowadays. For example, in 2018 alone, 443 data breaches in Japan compromised some 5.61 million records of personal information. To respond to this threat, firms assess their cybersecurity risk and introduce IT security management practices. However, it is unclear whether firms are able to identify the tradeoff between the effect of developing IT security practices and the risk of a data breach. To address this, we propose a probabilistic model that estimates the risk of a data breach for a given firm using the Japan Network Security Association incident dataset, a historical collection of cyber incidents from 2005 to 2018. This model yields the conditional probabilities of a data breach given conditions, which follows a negative binomial distribution. We highlight the difference in inter-arrival time between firms with security management and those without it. Based on the experimental results, we evaluate the effects of security management and discuss some reasons for these differences.
UR - http://www.scopus.com/inward/record.url?scp=85087012548&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-50399-4_14
DO - 10.1007/978-3-030-50399-4_14
M3 - Conference contribution
AN - SCOPUS:85087012548
SN - 9783030503987
T3 - Advances in Intelligent Systems and Computing
SP - 135
EP - 148
BT - Innovative Mobile and Internet Services in Ubiquitous Computing - Proceedings of the 14th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2020
A2 - Barolli, Leonard
A2 - Poniszewska-Maranda, Aneta
A2 - Park, Hyunhee
PB - Springer
T2 - 14th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2020
Y2 - 1 July 2020 through 3 July 2020
ER -