Modeling the risk of data breach incidents at the firm level

Kazuki Ikegami; Hiroaki Kikuchi

doi:10.1007/978-3-030-50399-4_14

Modeling the risk of data breach incidents at the firm level

Kazuki Ikegami, Hiroaki Kikuchi

Department of Frontier Media Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Many firms and organizations are at risk of cyberattack nowadays. For example, in 2018 alone, 443 data breaches in Japan compromised some 5.61 million records of personal information. To respond to this threat, firms asset a risk of cybersecurity and introduce IT security management practices. However, it is unclear whether firms are able to identifying the tradeoff between effect of development of IT security practices and the risk of data breach. To address this, we propose a probabilistic model that estimates the risk of a data breach for a given firm using the Japan Network Security Association incident dataset, being a historical collection of cyber incidents from 2005 to 2018. This model yields the conditional probabilities of a data breach given conditions, which follows a negative binomial distribution. We highlight the difference in inter-arrival time between firms with security management and one without it. Based on the experimental results, we evaluate effects of security management and discuss some reasons for these differences.

Original language	English
Title of host publication	Innovative Mobile and Internet Services in Ubiquitous Computing - Proceedings of the 14th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2020
Editors	Leonard Barolli, Aneta Poniszewska-Maranda, Hyunhee Park
Publisher	Springer
Pages	135-148
Number of pages	14
ISBN (Print)	9783030503987
DOIs	https://doi.org/10.1007/978-3-030-50399-4_14
Publication status	Published - 2021
Event	14th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2020 - Lodz, Poland Duration: 1 Jul 2020 → 3 Jul 2020

Publication series

Name	Advances in Intelligent Systems and Computing
Volume	1195 AISC
ISSN (Print)	2194-5357
ISSN (Electronic)	2194-5365

Conference

Conference	14th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2020
Country	Poland
City	Lodz
Period	1/07/20 → 3/07/20

Access to Document

10.1007/978-3-030-50399-4_14

Link to publication in Scopus

Fingerprint Dive into the research topics of 'Modeling the risk of data breach incidents at the firm level'. Together they form a unique fingerprint.

Cite this

Ikegami, K., & Kikuchi, H. (2021). Modeling the risk of data breach incidents at the firm level. In L. Barolli, A. Poniszewska-Maranda, & H. Park (Eds.), Innovative Mobile and Internet Services in Ubiquitous Computing - Proceedings of the 14th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2020 (pp. 135-148). (Advances in Intelligent Systems and Computing; Vol. 1195 AISC). Springer. https://doi.org/10.1007/978-3-030-50399-4_14

Ikegami, Kazuki ; Kikuchi, Hiroaki. / Modeling the risk of data breach incidents at the firm level. Innovative Mobile and Internet Services in Ubiquitous Computing - Proceedings of the 14th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2020. editor / Leonard Barolli ; Aneta Poniszewska-Maranda ; Hyunhee Park. Springer, 2021. pp. 135-148 (Advances in Intelligent Systems and Computing).

@inproceedings{2924a0d6ab9c431bba4ffec7d337bc65,

title = "Modeling the risk of data breach incidents at the firm level",

abstract = "Many firms and organizations are at risk of cyberattack nowadays. For example, in 2018 alone, 443 data breaches in Japan compromised some 5.61 million records of personal information. To respond to this threat, firms asset a risk of cybersecurity and introduce IT security management practices. However, it is unclear whether firms are able to identifying the tradeoff between effect of development of IT security practices and the risk of data breach. To address this, we propose a probabilistic model that estimates the risk of a data breach for a given firm using the Japan Network Security Association incident dataset, being a historical collection of cyber incidents from 2005 to 2018. This model yields the conditional probabilities of a data breach given conditions, which follows a negative binomial distribution. We highlight the difference in inter-arrival time between firms with security management and one without it. Based on the experimental results, we evaluate effects of security management and discuss some reasons for these differences.",

author = "Kazuki Ikegami and Hiroaki Kikuchi",

year = "2021",

doi = "10.1007/978-3-030-50399-4_14",

language = "English",

isbn = "9783030503987",

series = "Advances in Intelligent Systems and Computing",

publisher = "Springer",

pages = "135--148",

editor = "Leonard Barolli and Aneta Poniszewska-Maranda and Hyunhee Park",

booktitle = "Innovative Mobile and Internet Services in Ubiquitous Computing - Proceedings of the 14th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2020",

note = "14th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2020 ; Conference date: 01-07-2020 Through 03-07-2020",

}

Ikegami, K & Kikuchi, H 2021, Modeling the risk of data breach incidents at the firm level. in L Barolli, A Poniszewska-Maranda & H Park (eds), Innovative Mobile and Internet Services in Ubiquitous Computing - Proceedings of the 14th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2020. Advances in Intelligent Systems and Computing, vol. 1195 AISC, Springer, pp. 135-148, 14th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2020, Lodz, Poland, 1/07/20. https://doi.org/10.1007/978-3-030-50399-4_14

Modeling the risk of data breach incidents at the firm level. / Ikegami, Kazuki; Kikuchi, Hiroaki.

Innovative Mobile and Internet Services in Ubiquitous Computing - Proceedings of the 14th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2020. ed. / Leonard Barolli; Aneta Poniszewska-Maranda; Hyunhee Park. Springer, 2021. p. 135-148 (Advances in Intelligent Systems and Computing; Vol. 1195 AISC).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Modeling the risk of data breach incidents at the firm level

AU - Ikegami, Kazuki

AU - Kikuchi, Hiroaki

PY - 2021

Y1 - 2021

N2 - Many firms and organizations are at risk of cyberattack nowadays. For example, in 2018 alone, 443 data breaches in Japan compromised some 5.61 million records of personal information. To respond to this threat, firms asset a risk of cybersecurity and introduce IT security management practices. However, it is unclear whether firms are able to identifying the tradeoff between effect of development of IT security practices and the risk of data breach. To address this, we propose a probabilistic model that estimates the risk of a data breach for a given firm using the Japan Network Security Association incident dataset, being a historical collection of cyber incidents from 2005 to 2018. This model yields the conditional probabilities of a data breach given conditions, which follows a negative binomial distribution. We highlight the difference in inter-arrival time between firms with security management and one without it. Based on the experimental results, we evaluate effects of security management and discuss some reasons for these differences.

AB - Many firms and organizations are at risk of cyberattack nowadays. For example, in 2018 alone, 443 data breaches in Japan compromised some 5.61 million records of personal information. To respond to this threat, firms asset a risk of cybersecurity and introduce IT security management practices. However, it is unclear whether firms are able to identifying the tradeoff between effect of development of IT security practices and the risk of data breach. To address this, we propose a probabilistic model that estimates the risk of a data breach for a given firm using the Japan Network Security Association incident dataset, being a historical collection of cyber incidents from 2005 to 2018. This model yields the conditional probabilities of a data breach given conditions, which follows a negative binomial distribution. We highlight the difference in inter-arrival time between firms with security management and one without it. Based on the experimental results, we evaluate effects of security management and discuss some reasons for these differences.

UR - http://www.scopus.com/inward/record.url?scp=85087012548&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-50399-4_14

DO - 10.1007/978-3-030-50399-4_14

M3 - Conference contribution

AN - SCOPUS:85087012548

SN - 9783030503987

T3 - Advances in Intelligent Systems and Computing

SP - 135

EP - 148

BT - Innovative Mobile and Internet Services in Ubiquitous Computing - Proceedings of the 14th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2020

A2 - Barolli, Leonard

A2 - Poniszewska-Maranda, Aneta

A2 - Park, Hyunhee

PB - Springer

T2 - 14th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2020

Y2 - 1 July 2020 through 3 July 2020

ER -

Ikegami K, Kikuchi H. Modeling the risk of data breach incidents at the firm level. In Barolli L, Poniszewska-Maranda A, Park H, editors, Innovative Mobile and Internet Services in Ubiquitous Computing - Proceedings of the 14th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2020. Springer. 2021. p. 135-148. (Advances in Intelligent Systems and Computing). https://doi.org/10.1007/978-3-030-50399-4_14