IDEAS home Printed from https://ideas.repec.org/a/gam/jdataj/v9y2024i2p27-d1330575.html
   My bibliography  Save this article

Understanding Data Breach from a Global Perspective: Incident Visualization and Data Protection Law Review

Author

Listed:
  • Gabriel Arquelau Pimenta Rodrigues

    (Professional Post-Graduate Program in Electrical Engineering (PPEE), Department of Electrical Engineering (ENE), University of Brasília (UnB), Brasília 70910-900, Brazil)

  • André Luiz Marques Serrano

    (Professional Post-Graduate Program in Electrical Engineering (PPEE), Department of Electrical Engineering (ENE), University of Brasília (UnB), Brasília 70910-900, Brazil)

  • Amanda Nunes Lopes Espiñeira Lemos

    (Graduate Program in Law (PPGD), Law School, University of Brasilia (UnB), Brasília 70910-900, Brazil
    School of Law, University of Minho (EDUM), Campus de Gualtar, 4710-057 Braga, Portugal)

  • Edna Dias Canedo

    (Professional Post-Graduate Program in Electrical Engineering (PPEE), Department of Electrical Engineering (ENE), University of Brasília (UnB), Brasília 70910-900, Brazil)

  • Fábio Lúcio Lopes de Mendonça

    (Professional Post-Graduate Program in Electrical Engineering (PPEE), Department of Electrical Engineering (ENE), University of Brasília (UnB), Brasília 70910-900, Brazil)

  • Robson de Oliveira Albuquerque

    (Professional Post-Graduate Program in Electrical Engineering (PPEE), Department of Electrical Engineering (ENE), University of Brasília (UnB), Brasília 70910-900, Brazil
    Group of Analysis, Security and Systems (GASS), Department of Software Engineering and Artificial Intelligence (DISIA), Faculty of Computer Science and Engineering, Office 431, Universidad Complutense de Madrid (UCM), Calle Profesor José García Santesmases, 9, Ciudad Universitaria, 28040 Madrid, Spain)

  • Ana Lucila Sandoval Orozco

    (Professional Post-Graduate Program in Electrical Engineering (PPEE), Department of Electrical Engineering (ENE), University of Brasília (UnB), Brasília 70910-900, Brazil
    Group of Analysis, Security and Systems (GASS), Department of Software Engineering and Artificial Intelligence (DISIA), Faculty of Computer Science and Engineering, Office 431, Universidad Complutense de Madrid (UCM), Calle Profesor José García Santesmases, 9, Ciudad Universitaria, 28040 Madrid, Spain)

  • Luis Javier García Villalba

    (Group of Analysis, Security and Systems (GASS), Department of Software Engineering and Artificial Intelligence (DISIA), Faculty of Computer Science and Engineering, Office 431, Universidad Complutense de Madrid (UCM), Calle Profesor José García Santesmases, 9, Ciudad Universitaria, 28040 Madrid, Spain)

Abstract

Data breaches result in data loss, including personal, health, and financial information that are crucial, sensitive, and private. The breach is a security incident in which personal and sensitive data are exposed to unauthorized individuals, with the potential to incur several privacy concerns. As an example, the French newspaper Le Figaro breached approximately 7.4 billion records that included full names, passwords, and e-mail and physical addresses. To reduce the likelihood and impact of such breaches, it is fundamental to strengthen the security efforts against this type of incident and, for that, it is first necessary to identify patterns of its occurrence, primarily related to the number of data records leaked, the affected geographical region, and its regulatory aspects. To advance the discussion in this regard, we study a dataset comprising 428 worldwide data breaches between 2018 and 2019, providing a visualization of the related statistics, such as the most affected countries, the predominant economic sector targeted in different countries, and the median number of records leaked per incident in different countries, regions, and sectors. We then discuss the data protection regulation in effect in each country comprised in the dataset, correlating key elements of the legislation with the statistical findings. As a result, we have identified an extensive disclosure of medical records in India and government data in Brazil in the time range. Based on the analysis and visualization, we find some interesting insights that researchers seldom focus on before, and it is apparent that the real dangers of data leaks are beyond the ordinary imagination. Finally, this paper contributes to the discussion regarding data protection laws and compliance regarding data breaches, supporting, for example, the decision process of data storage location in the cloud.

Suggested Citation

  • Gabriel Arquelau Pimenta Rodrigues & André Luiz Marques Serrano & Amanda Nunes Lopes Espiñeira Lemos & Edna Dias Canedo & Fábio Lúcio Lopes de Mendonça & Robson de Oliveira Albuquerque & Ana Lucila Sa, 2024. "Understanding Data Breach from a Global Perspective: Incident Visualization and Data Protection Law Review," Data, MDPI, vol. 9(2), pages 1-24, January.
    • Handle: RePEc:gam:jdataj:v:9:y:2024:i:2:p:27-:d:1330575
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/2306-5729/9/2/27/pdf
    Download Restriction: no
    File URL: https://www.mdpi.com/2306-5729/9/2/27/
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Eli Amir & Shai Levi & Tsafrir Livne, 2018. "Do firms underreport information on cyber-attacks? Evidence from capital markets," Review of Accounting Studies, Springer, vol. 23(3), pages 1177-1206, September.
    2. Bocong Yuan & Jiannan Li, 2019. "The Policy Effect of the General Data Protection Regulation (GDPR) on the Digital Public Health Sector in the European Union: An Empirical Investigation," IJERPH, MDPI, vol. 16(6), pages 1-15, March.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Chris Florackis & Christodoulos Louca & Roni Michaely & Michael Weber, 2023. "Cybersecurity Risk," The Review of Financial Studies, Society for Financial Studies, vol. 36(1), pages 351-407.
    2. Michael McShane & Trung Nguyen, 2020. "Time-varying effects of cyberattacks on firm value," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 45(4), pages 580-615, October.
    3. Jing Chen & Elaine Henry & Xi Jiang, 2023. "Is Cybersecurity Risk Factor Disclosure Informative? Evidence from Disclosures Following a Data Breach," Journal of Business Ethics, Springer, vol. 187(1), pages 199-224, September.
    4. Jacopo Gambato & Bernhard Ganglmair & Julia K. Krämer, 2024. "Effective Regulation and Firm Compliance: The Case of German Privacy Policies," NBER Chapters, in: Data Privacy Protection and the Conduct of Applied Research: Methods, Approaches and their Consequences, National Bureau of Economic Research, Inc.
    5. Camélia Radu & Nadia Smaili, 2022. "Board Gender Diversity and Corporate Response to Cyber Risk: Evidence from Cybersecurity Related Disclosure," Journal of Business Ethics, Springer, vol. 177(2), pages 351-374, May.
    6. Zhang, Yimei & Smith, Thomas, 2023. "The impact of customer firm data breaches on the audit fees of their suppliers," International Journal of Accounting Information Systems, Elsevier, vol. 50(C).
    7. Alessandro Fedele & Cristian Roner, 2022. "Dangerous games: A literature review on cybersecurity investments," Journal of Economic Surveys, Wiley Blackwell, vol. 36(1), pages 157-187, February.
    8. Rustam Jamilov & Hélène Rey & Ahmed Tahoun, 2021. "The Anatomy of Cyber Risk," NBER Working Papers 28906, National Bureau of Economic Research, Inc.
    9. Nadia Smaili & Camélia Radu & Amir Khalili, 2023. "Board effectiveness and cybersecurity disclosure," Journal of Management & Governance, Springer;Accademia Italiana di Economia Aziendale (AIDEA), vol. 27(4), pages 1049-1071, December.
    10. Han, Kookyoung & Choi, Jin Hyuk, 2023. "Implications of false alarms in dynamic games on cyber-security," Chaos, Solitons & Fractals, Elsevier, vol. 169(C).
    11. Cheng, Lin & Jin, Qinglu & Ma, Hui, 2023. "Tone emphasis and insider trading," Journal of Corporate Finance, Elsevier, vol. 80(C).
    12. Rezaee, Zabihollah & Zhou, Gaoguang & Bu, Luofan (Luther), 2024. "Corporate social irresponsibility and the occurrence of data breaches: A stakeholder management perspective," International Journal of Accounting Information Systems, Elsevier, vol. 53(C).
    13. Milena Dinkova & Ramy El-Dardiry & Bastiaan Overvest, 2020. "Cyber incidents, security measures and financial returns: Empirical evidence from Dutch firms," CPB Discussion Paper 411.rdf, CPB Netherlands Bureau for Economic Policy Analysis.
    14. Masoud, Najeb & Al-Utaibi, Ghassan, 2022. "The determinants of cybersecurity risk disclosure in firms’ financial reporting: Empirical evidence," Research in Economics, Elsevier, vol. 76(2), pages 131-140.
    15. Kamiya, Shinichi & Kang, Jun-Koo & Kim, Jungmin & Milidonis, Andreas & Stulz, René M., 2021. "Risk management, firm reputation, and the impact of successful cyberattacks on target firms," Journal of Financial Economics, Elsevier, vol. 139(3), pages 719-749.
    16. Demek, Kristina C. & Kaplan, Steven E., 2023. "Cybersecurity breaches and investors’ interest in the firm as an investment," International Journal of Accounting Information Systems, Elsevier, vol. 49(C).
    17. Cao, Hung & Phan, Hieu V. & Silveri, Sabatino, 2024. "Data breach disclosures and stock price crash risk: Evidence from data breach notification laws," International Review of Financial Analysis, Elsevier, vol. 93(C).
    18. Michael McShane & Trung Nguyen, 0. "Time-varying effects of cyberattacks on firm value," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 0, pages 1-36.
    19. Loic Mar'echal & Alain Mermoud & Dimitri Percia David & Mathias Humbert, 2024. "Measuring the performance of investments in information security startups: An empirical analysis by cybersecurity sectors using Crunchbase data," Papers 2402.04765, arXiv.org, revised Feb 2024.
    20. Akyildirim, Erdinc & Conlon, Thomas & Corbet, Shaen & Hou, Yang (Greg), 2024. "HACKED: Understanding the stock market response to cyberattacks," Journal of International Financial Markets, Institutions and Money, Elsevier, vol. 97(C).

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jdataj:v:9:y:2024:i:2:p:27-:d:1330575. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.