Data breaches have massive consequences for companies, affecting them financially and undermining their reputation, which poses significant challenges to online security and the long-term viability of businesses. This study analyzes trends in data breaches in the United States, examining the frequency, causes, and magnitude of breaches across various industries. We document that data breaches are increasing, with hacking emerging as the leading cause. Our descriptive analyses explore factors influencing breaches, including security vulnerabilities, human error, and malicious attacks. The findings provide policymakers and businesses with actionable insights to bolster data security through proactive audits, patching, encryption, and response planning. By better understanding breach patterns and risk factors, organizations can take targeted steps to enhance protections and mitigate the potential damage of future incidents.
References
[1]
Schlackl, F., Link, N. and Hoehle, H. (2022) Antecedents and Consequences of Data Breaches: A Systematic Review. Information & Management, 59, Article 103638. https://doi.org/10.1016/j.im.2022.103638
[2]
Zadeh, A. (2022) Characterizing Data Breach Severity: A Data Analytics Approach. https://aisel.aisnet.org/treos_amcis2022/19
[3]
Neto, N.N., Madnick, S., Paula, A.M.G.D. and Borges, N.M. (2021) Developing a Global Data Breach Database and the Challenges Encountered. Journal of Data and Information Quality (JDIQ), 13, 1-33. https://doi.org/10.1145/3439873
[4]
Einstein, M. (2019) Amazing Statistics about Online Data Creation.
[5]
Reinsel, D., Gantz, J. and Rydning, J. (2018) The Digitalization of the World.
[6]
Martin, A.P., Pogkas, D. and Mathieu, B. (2019) Ransomware Hackers Hit Brakes Worldwide, Leaving Mystery in Wake. Computer Fraud & Security, 2019. https://doi.org/10.1016/S1361-3723(19)30034-X
[7]
Goldberg, E. (2013) Preventing a Data Breach from Becoming a Disaster. Journal of Business Continuity & Emergency Planning, 6, 295-303.
[8]
Jeyaraj, A., Zadeh, A. and Sethi, V. (2021) Cybersecurity Threats and Organisational Response: Textual Analysis and Panel Regression. Journal of Business Analytics, 4, 26-39. https://doi.org/10.1080/2573234X.2020.1863750
[9]
Cremer, F., Sheehan, B., Fortmann, M., Kia, A.N., Mullins, M., Murphy, F. and Materne, S. (2022) Cyber Risk and Cybersecurity: A Systematic Review of Data Availability. The Geneva Papers on Risk and Insurance-Issues and Practice, 47, 698-736. https://doi.org/10.1057/s41288-022-00266-6
[10]
Akhtar, N., Tabassum, N., Perwej, A. and Perwej, Y. (2020) Data Analytics and Visualization Using Tableau Utilitarian for COVID-19 (Coronavirus). Global Journal of Engineering and Technology Advances, 3, 28-50.
[11]
Toasa, R., Maximiano, M., Reis, C. and Guevara, D. (2018) Data Visualization Techniques for Real-Time Information—A Custom and Dynamic Dashboard for Analyzing Surveys’ Results. 2018 13th Iberian Conference on Information Systems and Technologies (CISTI), Caceres, 13-16 June 2018, 1-7. https://doi.org/10.23919/CISTI.2018.8398641
[12]
Zhang, L., Stoffel, A., Behrisch, M., Mittelstadt, S., Schreck, T., Pompl, R., Weber, S., Last, H. and Keim, D. (2012) Visual Analytics for the Big Data Era—A Comparative Review of State-of-the-Art Commercial Systems. 2012 IEEE Conference on Visual Analytics Science and Technology (VAST), Seattle, 14-19 October 2012, 173-182. https://doi.org/10.1109/VAST.2012.6400554
[13]
Sharma, N., Oriaku, E.A. and Oriaku, N. (2020) Cost and Effects of Data Breaches, Precautions, and Disclosure Laws. International Journal of Emerging Trends in Social Sciences, 8, 33-41. https://doi.org/10.20448/2001.81.33.41
[14]
Kilovaty, I. (2018) Data Breach through Social Engineering. Harvard Law Review Blog. https://ssrn.com/abstract=3216300
[15]
Hsu, J.S.-C., Shih, S.-P., Hung, Y.W. and Lowry, P.B. (2015) The Role of Extra-Role Behaviors and Social Controls in Information Security Policy Effectiveness. Information Systems Research, 26, 282-300. https://doi.org/10.1287/isre.2015.0569
[16]
Johnson, M.E. (2008) Information Risk of Inadvertent Disclosure: An Analysis of File-Sharing Risk in the Financial Supply Chain. Journal of Management Information Systems, 25, 97-124. https://doi.org/10.2753/MIS0742-1222250205
[17]
Kwon, J. and Johnson, M.E. (2015) Protecting Patient Data-The Economic Perspective of Healthcare Security. IEEE Security & Privacy, 13, 90-95. https://doi.org/10.1109/MSP.2015.113
[18]
Lowry, P.B. and Moody, G.D. (2015) Proposing the Control-Reactance Compliance Model (CRCM) to Explain Opposing Motivations to Comply with Organisational Information Security Policies. Information Systems Journal, 25, 433-463. https://doi.org/10.1111/isj.12043
[19]
Cavusoglu, H., Mishra, B. and Raghunathan, S. (2004) The Effect of Internet Security Breach Announcements on Market Value: Capital Market Reactions for Breached Firms and Internet Security Developers. International Journal of Electronic Commerce, 9, 70-104. https://doi.org/10.1080/10864415.2004.11044320
[20]
Malhotra, A. and Kubowicz Malhotra, C. (2011) Evaluating Customer Information Breaches as Service Failures: An Event Study Approach. Journal of Service Research, 14, 44-59. https://doi.org/10.1177/1094670510383409
[21]
Wong, P.C. and Thomas, J. (2004) Visual Analytics. IEEE Computer Graphics and Applications, 24, 20-21. https://doi.org/10.1109/MCG.2004.39
[22]
Culnan, M.J. and Williams, C.C. (2009) How Ethics Can Enhance Organizational Privacy: Lessons from the Choicepoint and TJX Data Breaches. MIS Quarterly, 33, 673-687. https://doi.org/10.2307/20650322
[23]
Tomaszewski, J.P. (2006) Are You Sure You Had a Privacy Incident? IEEE Security & Privacy, 4, 64-66. https://doi.org/10.1109/MSP.2006.143
[24]
Lane, V. and Wright, F. (1978) Human Resources Systematically Applied to Ensure Computer Security. In: Bracchi, G. and Lockemann, P.C., Eds., Information Systems Methodology, Lecture Notes in Computer Science, Springer, Berlin, 684-695. https://doi.org/10.1007/3-540-08934-9_105
[25]
Loch, K.D., Carr, H.H. and Warkentin, M.E. (1992) Threats to Information Systems: Today’s Reality, Yesterday’s Understanding. MIS Quarterly, 16, 173-186. https://doi.org/10.2307/249574
[26]
Crossler, R.E., Johnston, A.C., Lowry, P.B., Hu, Q., Warkentin, M. and Baskerville, R. (2013) Future Directions for Behavioral Information Security Research. Computers & Security, 32, 90-101. https://doi.org/10.1016/j.cose.2012.09.010
[27]
Otto, P.N., Antón, A.I. and Baumer, D.L. (2007) The Choicepoint Dilemma: How Data Brokers Should Handle the Privacy of Personal Information. IEEE Security & Privacy, 5, 15-23. https://doi.org/10.1109/MSP.2007.126
[28]
Shropshire, J.D., Warkentin, M. and Johnston, A.C. (2010) Impact of Negative Message Framing on Security Adoption. Journal of Computer Information Systems, 51, 41-51.
[29]
Jiang, J.X. and Bai, G. (2019) Evaluation of Causes of Protected Health Information Breaches. JAMA Internal Medicine, 179, 265-267. https://doi.org/10.1001/jamainternmed.2018.5295
[30]
Quader, F. and Janeja, V.P. (2021) Insights into Organizational Security Readiness: Lessons Learned from Cyber-Attack Case Studies. Journal of Cybersecurity and Privacy, 1, 638-659. https://doi.org/10.3390/jcp1040032
[31]
Smith, T.T. (2016) Examining Data Privacy Breaches in Healthcare. Walden University, Minneapolis.
[32]
Cheng, L., Liu, F. and Yao, D. (2017) Enterprise Data Breach: Causes, Challenges, Prevention, and Future Directions. Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery, 7, e1211. https://doi.org/10.1002/widm.1211
[33]
Clearswift (2013) The Enemy within Research 2013.
[34]
Wikina, S.B. (2014) What Caused the Breach? An Examination of Use of Information Technology and Health Data Breaches. Perspectives in Health Information Management, 11.
[35]
Ayyagari, R. (2012) An Exploratory Analysis of Data Breaches from 2005-2011: Trends and Insights. Journal of Information Privacy and Security, 8, 33-56. https://doi.org/10.1080/15536548.2012.10845654
[36]
Hammouchi, H., Cherqi, O., Mezzour, G., Ghogho, M. and El Koutbi, M. (2019) Digging Deeper into Data Breaches: An Exploratory Data Analysis of Hacking Breaches over Time. Procedia Computer Science, 151, 1004-1009. https://doi.org/10.1016/j.procs.2019.04.141
[37]
Rashid, A., Ramdhany, R., Edwards, M., Kibirige Mukisa, S., Ali Babar, M., Hutchison, D. and Chitchyan, R. (2014) Detecting and Preventing Data Exfiltration.
[38]
IBM (2020) Cost of a Data Breach Report.
[39]
Seals, T. (2015) Insider Threats Responsible for 43% of Data Breaches.
[40]
Saleem, H. and Naveed, M. (2020) SoK: Anatomy of Data Breaches. Proceedings on Privacy Enhancing Technologies, 2020, 153-174. https://doi.org/10.2478/popets-2020-0067
[41]
Manworren, N., Letwat, J. and Daily, O. (2016) Why You Should Care about the Target Data Breach. Business Horizons, 59, 257-266. https://doi.org/10.1016/j.bushor.2016.01.002
[42]
Collins, J.D., Sainato, V.A. and Khey, D.N. (2011) Organizational Data Breaches 2005-2010: Applying SCP to the Healthcare and Education Sectors. International Journal of Cyber Criminology, 5, 794.
[43]
Posey Garrison, C. and Ncube, M. (2011) A Longitudinal Analysis of Data Breaches. Information Management & Computer Security, 19, 216-230. https://doi.org/10.1108/09685221111173049
[44]
Khey, D.N. and Sainato, V.A. (2013) Examining the Correlates and Spatial Distribution of Organizational Data Breaches in the United States. Security Journal, 26, 367-382. https://doi.org/10.1057/sj.2013.24
[45]
Shu, X., Tian, K., Ciambrone, A. and Yao, D. (2017) Breaking the Target: An Analysis of Target Data Breach and Lessons Learned.
[46]
McLeod, A. and Dolezel, D. (2018) Cyber-Analytics: Modeling Factors Associated with Healthcare Data Breaches. Decision Support Systems, 108, 57-68. https://doi.org/10.1016/j.dss.2018.02.007
[47]
Algarni, A.M. and Malaiya, Y.K. (2016) A Consolidated Approach for Estimation of Data Security Breach Costs. 2016 2nd International Conference on Information Management (ICIM), London, 7-8 May 2016, 26-39. https://doi.org/10.1109/INFOMAN.2016.7477530
[48]
Kafali, Ö., Jones, J., Petruso, M., Williams, L. and Singh, M.P. (2017) How Good Is a Security Policy against Real Breaches? A HIPAA Case Study. 2017 IEEE/ACM 39th International Conference on Software Engineering (ICSE), Buenos Aires, 20-28 May 2017, 530-540. https://doi.org/10.1109/ICSE.2017.55
[49]
Sen, R. and Borle, S. (2015) Estimating the Contextual Risk of Data Breach: An Empirical Approach. Journal of Management Information Systems, 32, 314-341. https://doi.org/10.1080/07421222.2015.1063315
[50]
Holtfreter, R.E. and Harrington, A. (2015) Data Breach Trends in the United States. Journal of Financial Crime, 22, 242-260. https://doi.org/10.1108/JFC-09-2013-0055
[51]
Hall, A.A. and Wright, C.S. (2018) Data Security: A Review of Major Security Breaches between 2014 and 2018. Federation of Business Disciplines Journal, 6, 50-63. https://doi.org/10.1080/21624887.2017.1407596
[52]
Goode, S., Hoehle, H., Venkatesh, V. and Brown, S.A. (2017) User Compensation as a Data Breach Recovery Action. MIS Quarterly, 41, 703-727. https://doi.org/10.25300/MISQ/2017/41.3.03
[53]
Raghupathi, W. and Raghupathi, V. (2021) Contemporary Business Analytics: An Overview. Data, 6, Article 86. https://doi.org/10.3390/data6080086
[54]
Börner, K., Bueckle, A. and Ginda, M. (2019) Data Visualization Literacy: Definitions, Conceptual Frameworks, Exercises, and Assessments. Proceedings of the National Academy of Sciences, 116, 1857-1864. https://doi.org/10.1073/pnas.1807180116
[55]
Keim, D., Kohlhammer, J., Ellis, G. and Mansmann, F. (2010) Mastering the Information Age Solving Problems with Visual Analytics. Eurographics Association.
[56]
Keim, D.A. (2001) Visual Exploration of Large Data Sets. Communications of the ACM, 44, 38-44. https://doi.org/10.1145/381641.381656
[57]
Kohlhammer, J., Keim, D., Pohl, M., Santucci, G. and Andrienko, G. (2011) Solving Problems with Visual Analytics. Procedia Computer Science, 7, 117-120. https://doi.org/10.1016/j.procs.2011.12.035
[58]
Cook, K.A. and Thomas, J.J. (2005) Illuminating the Path: The Research and Development Agenda for Visual Analytics. United States, Pacific Northwest National Lab. (PNNL), Richland, WA (United States).
[59]
Cao, N., Koch, S. and Gotz, D. (2018) ACM TIST Special Issue on Visual Analytics. ACM Transactions on Intelligent Systems and Technology, 10, 1-4. https://doi.org/10.1145/3277019
[60]
Lettieri, N., Guarino, A., Malandrino, D. and Zaccagnino, R. (2021) The Sight of Justice. Visual Knowledge Mining, Legal Data and Computational Crime Analysis. 2021 25th International Conference Information Visualisation (IV), Sydney, 5-9 July 2021, 267-272. https://doi.org/10.1109/IV53921.2021.00050
[61]
Heer, J., Bostock, M. and Ogievetsky, V. (2010) A Tour through the Visualization Zoo. Communications of the ACM, 53, 59-67. https://doi.org/10.1145/1743546.1743567
[62]
Liu, S., Wang, X., Liu, M. and Zhu, J. (2017) Towards Better Analysis of Machine Learning Models: A Visual Analytics Perspective. Visual Informatics, 1, 48-56. https://doi.org/10.1016/j.visinf.2017.01.006
[63]
Yang, D., Xie, Z., Rundensteiner, E.A. and Ward, M.O. (2007) Managing Discoveries in the Visual Analytics Process. ACM SIGKDD Explorations Newsletter, 9, 22-29. https://doi.org/10.1145/1345448.1345453
