IDEAS home Printed from https://ideas.repec.org/a/gam/jdataj/v9y2024i2p27-d1330575.html
   My bibliography  Save this article

Understanding Data Breach from a Global Perspective: Incident Visualization and Data Protection Law Review

Author

Listed:
  • Gabriel Arquelau Pimenta Rodrigues

    (Professional Post-Graduate Program in Electrical Engineering (PPEE), Department of Electrical Engineering (ENE), University of Brasília (UnB), Brasília 70910-900, Brazil)

  • André Luiz Marques Serrano

    (Professional Post-Graduate Program in Electrical Engineering (PPEE), Department of Electrical Engineering (ENE), University of Brasília (UnB), Brasília 70910-900, Brazil)

  • Amanda Nunes Lopes Espiñeira Lemos

    (Graduate Program in Law (PPGD), Law School, University of Brasilia (UnB), Brasília 70910-900, Brazil
    School of Law, University of Minho (EDUM), Campus de Gualtar, 4710-057 Braga, Portugal)

  • Edna Dias Canedo

    (Professional Post-Graduate Program in Electrical Engineering (PPEE), Department of Electrical Engineering (ENE), University of Brasília (UnB), Brasília 70910-900, Brazil)

  • Fábio Lúcio Lopes de Mendonça

    (Professional Post-Graduate Program in Electrical Engineering (PPEE), Department of Electrical Engineering (ENE), University of Brasília (UnB), Brasília 70910-900, Brazil)

  • Robson de Oliveira Albuquerque

    (Professional Post-Graduate Program in Electrical Engineering (PPEE), Department of Electrical Engineering (ENE), University of Brasília (UnB), Brasília 70910-900, Brazil
    Group of Analysis, Security and Systems (GASS), Department of Software Engineering and Artificial Intelligence (DISIA), Faculty of Computer Science and Engineering, Office 431, Universidad Complutense de Madrid (UCM), Calle Profesor José García Santesmases, 9, Ciudad Universitaria, 28040 Madrid, Spain)

  • Ana Lucila Sandoval Orozco

    (Professional Post-Graduate Program in Electrical Engineering (PPEE), Department of Electrical Engineering (ENE), University of Brasília (UnB), Brasília 70910-900, Brazil
    Group of Analysis, Security and Systems (GASS), Department of Software Engineering and Artificial Intelligence (DISIA), Faculty of Computer Science and Engineering, Office 431, Universidad Complutense de Madrid (UCM), Calle Profesor José García Santesmases, 9, Ciudad Universitaria, 28040 Madrid, Spain)

  • Luis Javier García Villalba

    (Group of Analysis, Security and Systems (GASS), Department of Software Engineering and Artificial Intelligence (DISIA), Faculty of Computer Science and Engineering, Office 431, Universidad Complutense de Madrid (UCM), Calle Profesor José García Santesmases, 9, Ciudad Universitaria, 28040 Madrid, Spain)

Abstract

Data breaches result in data loss, including personal, health, and financial information that are crucial, sensitive, and private. The breach is a security incident in which personal and sensitive data are exposed to unauthorized individuals, with the potential to incur several privacy concerns. As an example, the French newspaper Le Figaro breached approximately 7.4 billion records that included full names, passwords, and e-mail and physical addresses. To reduce the likelihood and impact of such breaches, it is fundamental to strengthen the security efforts against this type of incident and, for that, it is first necessary to identify patterns of its occurrence, primarily related to the number of data records leaked, the affected geographical region, and its regulatory aspects. To advance the discussion in this regard, we study a dataset comprising 428 worldwide data breaches between 2018 and 2019, providing a visualization of the related statistics, such as the most affected countries, the predominant economic sector targeted in different countries, and the median number of records leaked per incident in different countries, regions, and sectors. We then discuss the data protection regulation in effect in each country comprised in the dataset, correlating key elements of the legislation with the statistical findings. As a result, we have identified an extensive disclosure of medical records in India and government data in Brazil in the time range. Based on the analysis and visualization, we find some interesting insights that researchers seldom focus on before, and it is apparent that the real dangers of data leaks are beyond the ordinary imagination. Finally, this paper contributes to the discussion regarding data protection laws and compliance regarding data breaches, supporting, for example, the decision process of data storage location in the cloud.

Suggested Citation

  • Gabriel Arquelau Pimenta Rodrigues & André Luiz Marques Serrano & Amanda Nunes Lopes Espiñeira Lemos & Edna Dias Canedo & Fábio Lúcio Lopes de Mendonça & Robson de Oliveira Albuquerque & Ana Lucila Sa, 2024. "Understanding Data Breach from a Global Perspective: Incident Visualization and Data Protection Law Review," Data, MDPI, vol. 9(2), pages 1-24, January.
    • Handle: RePEc:gam:jdataj:v:9:y:2024:i:2:p:27-:d:1330575
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/2306-5729/9/2/27/pdf
    Download Restriction: no
    File URL: https://www.mdpi.com/2306-5729/9/2/27/
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Eli Amir & Shai Levi & Tsafrir Livne, 2018. "Do firms underreport information on cyber-attacks? Evidence from capital markets," Review of Accounting Studies, Springer, vol. 23(3), pages 1177-1206, September.
    2. Bocong Yuan & Jiannan Li, 2019. "The Policy Effect of the General Data Protection Regulation (GDPR) on the Digital Public Health Sector in the European Union: An Empirical Investigation," IJERPH, MDPI, vol. 16(6), pages 1-15, March.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Michael McShane & Trung Nguyen, 2020. "Time-varying effects of cyberattacks on firm value," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 45(4), pages 580-615, October.
    2. Jacopo Gambato & Bernhard Ganglmair & Julia K. Krämer, 2024. "Effective Regulation and Firm Compliance: The Case of German Privacy Policies," NBER Chapters, in: Data Privacy Protection and the Conduct of Applied Research: Methods, Approaches and their Consequences, National Bureau of Economic Research, Inc.
    3. Chris Florackis & Christodoulos Louca & Roni Michaely & Michael Weber, 2023. "Cybersecurity Risk," The Review of Financial Studies, Society for Financial Studies, vol. 36(1), pages 351-407.
    4. Camélia Radu & Nadia Smaili, 2022. "Board Gender Diversity and Corporate Response to Cyber Risk: Evidence from Cybersecurity Related Disclosure," Journal of Business Ethics, Springer, vol. 177(2), pages 351-374, May.
    5. Nadia Smaili & Camélia Radu & Amir Khalili, 2023. "Board effectiveness and cybersecurity disclosure," Journal of Management & Governance, Springer;Accademia Italiana di Economia Aziendale (AIDEA), vol. 27(4), pages 1049-1071, December.
    6. Han, Kookyoung & Choi, Jin Hyuk, 2023. "Implications of false alarms in dynamic games on cyber-security," Chaos, Solitons & Fractals, Elsevier, vol. 169(C).
    7. Rezaee, Zabihollah & Zhou, Gaoguang & Bu, Luofan (Luther), 2024. "Corporate social irresponsibility and the occurrence of data breaches: A stakeholder management perspective," International Journal of Accounting Information Systems, Elsevier, vol. 53(C).
    8. Masoud, Najeb & Al-Utaibi, Ghassan, 2022. "The determinants of cybersecurity risk disclosure in firms’ financial reporting: Empirical evidence," Research in Economics, Elsevier, vol. 76(2), pages 131-140.
    9. Kamiya, Shinichi & Kang, Jun-Koo & Kim, Jungmin & Milidonis, Andreas & Stulz, René M., 2021. "Risk management, firm reputation, and the impact of successful cyberattacks on target firms," Journal of Financial Economics, Elsevier, vol. 139(3), pages 719-749.
    10. Demek, Kristina C. & Kaplan, Steven E., 2023. "Cybersecurity breaches and investors’ interest in the firm as an investment," International Journal of Accounting Information Systems, Elsevier, vol. 49(C).
    11. Akyildirim, Erdinc & Conlon, Thomas & Corbet, Shaen & Hou, Yang (Greg), 2024. "HACKED: Understanding the stock market response to cyberattacks," Journal of International Financial Markets, Institutions and Money, Elsevier, vol. 97(C).
    12. Franklin Allen & Xian Gu & Julapa Jagtiani, 2021. "A Survey of Fintech Research and Policy Discussion," Review of Corporate Finance, now publishers, vol. 1(3-4), pages 259-339, July.
    13. Dana Turjeman & Fred M. Feinberg, 2024. "When the Data Are Out: Measuring Behavioral Changes Following a Data Breach," Marketing Science, INFORMS, vol. 43(2), pages 440-461, March.
    14. Crosignani, Matteo & Macchiavelli, Marco & Silva, André F., 2023. "Pirates without borders: The propagation of cyberattacks through firms’ supply chains," Journal of Financial Economics, Elsevier, vol. 147(2), pages 432-448.
    15. Lorenz Bohn & Dirk Schiereck, 2023. "Regulation of data breach publication: the case of US healthcare and the HITECH act," Journal of Economics and Finance, Springer;Academy of Economics and Finance, vol. 47(2), pages 386-399, June.
    16. Bhambhwani, Siddharth M. & Huang, Allen H., 2024. "Auditing decentralized finance," The British Accounting Review, Elsevier, vol. 56(2).
    17. Sylvie Héroux & Anne Fortin, 2024. "Board of directors’ attributes and aspects of cybersecurity disclosure," Journal of Management & Governance, Springer;Accademia Italiana di Economia Aziendale (AIDEA), vol. 28(2), pages 359-404, June.
    18. Iyer, Subramanian R. & Simkins, Betty J. & Wang, Heng, 2020. "Cyberattacks and impact on bond valuation," Finance Research Letters, Elsevier, vol. 33(C).
    19. Elmawazini, Khaled & Saadi, Samir & Sassi, Syrine & Khiyar, Khiyar Abdalla & Ali, Mohammed, 2023. "Do data breach disclosure laws matter to shareholder risk?," Finance Research Letters, Elsevier, vol. 53(C).
    20. Rey, Hélène & Jamilov, Rustam & Tahoun, Ahmed, 2021. "The Anatomy of Cyber Risk," CEPR Discussion Papers 16217, C.E.P.R. Discussion Papers.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jdataj:v:9:y:2024:i:2:p:27-:d:1330575. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.