IDEAS home Printed from https://ideas.repec.org/a/gam/jftint/v16y2024i6p201-d1409209.html
   My bibliography  Save this article

Impact, Compliance, and Countermeasures in Relation to Data Breaches in Publicly Traded U.S. Companies

Author

Listed:
  • Gabriel Arquelau Pimenta Rodrigues

    (Professional Post-Graduate Program in Electrical Engineering (PPEE), Department of Electrical Engineering (ENE), University of Brasília (UnB), Brasília 70910-900, Brazil
    These authors contributed equally to this work.)

  • André Luiz Marques Serrano

    (Professional Post-Graduate Program in Electrical Engineering (PPEE), Department of Electrical Engineering (ENE), University of Brasília (UnB), Brasília 70910-900, Brazil
    These authors contributed equally to this work.)

  • Guilherme Fay Vergara

    (Professional Post-Graduate Program in Electrical Engineering (PPEE), Department of Electrical Engineering (ENE), University of Brasília (UnB), Brasília 70910-900, Brazil
    These authors contributed equally to this work.)

  • Robson de Oliveira Albuquerque

    (Professional Post-Graduate Program in Electrical Engineering (PPEE), Department of Electrical Engineering (ENE), University of Brasília (UnB), Brasília 70910-900, Brazil
    These authors contributed equally to this work.)

  • Georges Daniel Amvame Nze

    (Professional Post-Graduate Program in Electrical Engineering (PPEE), Department of Electrical Engineering (ENE), University of Brasília (UnB), Brasília 70910-900, Brazil
    These authors contributed equally to this work.)

Abstract

A data breach is the unauthorized disclosure of sensitive personal data, and it impacts millions of individuals annually in the United States, as reported by Privacy Rights Clearinghouse. These breaches jeopardize the physical safety of the individuals whose data are exposed and result in substantial economic losses for the affected companies. To diminish the frequency and severity of data breaches in the future, it is imperative to research their causes and explore preventive measures. In pursuit of this goal, this study considers a dataset of data breach incidents affecting companies listed on the New York Stock Exchange and NASDAQ. This dataset has been augmented with additional information regarding the targeted company. This paper employs statistical visualizations of the data to clarify these incidents and assess their consequences on the affected companies and individuals whose data were compromised. We then propose mitigation controls based on established frameworks such as the NIST Cybersecurity Framework. Additionally, this paper reviews the compliance scenario by examining the relevant laws and regulations applicable to each case, including SOX, HIPAA, GLBA, and PCI-DSS, and evaluates the impacts of data breaches on stock market prices. We also review guidelines for appropriately responding to data leaks in the U.S., for compliance achievement and cost reduction. By conducting this analysis, this work aims to contribute to a comprehensive understanding of data breaches and empower organizations to safeguard against them proactively, improving the technical quality of their basic services. To our knowledge, this is the first paper to address compliance with data protection regulations, security controls as countermeasures, financial impacts on stock prices, and incident response strategies. Although the discussion is focused on publicly traded companies in the United States, it may also apply to public and private companies worldwide.

Suggested Citation

  • Gabriel Arquelau Pimenta Rodrigues & André Luiz Marques Serrano & Guilherme Fay Vergara & Robson de Oliveira Albuquerque & Georges Daniel Amvame Nze, 2024. "Impact, Compliance, and Countermeasures in Relation to Data Breaches in Publicly Traded U.S. Companies," Future Internet, MDPI, vol. 16(6), pages 1-32, June.
    • Handle: RePEc:gam:jftint:v:16:y:2024:i:6:p:201-:d:1409209
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/1999-5903/16/6/201/pdf
    Download Restriction: no
    File URL: https://www.mdpi.com/1999-5903/16/6/201/
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Jing Chen & Elaine Henry & Xi Jiang, 2023. "Is Cybersecurity Risk Factor Disclosure Informative? Evidence from Disclosures Following a Data Breach," Journal of Business Ethics, Springer, vol. 187(1), pages 199-224, September.
    2. Meng Sun & Yi Lu, 2022. "A Generalized Linear Mixed Model for Data Breaches and Its Application in Cyber Insurance," Risks, MDPI, vol. 10(12), pages 1-23, November.
    3. Piccotti, Louis R. & Wang, Heng, 2023. "Informed trading in the options market surrounding data breaches," Global Finance Journal, Elsevier, vol. 56(C).
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Akyildirim, Erdinc & Conlon, Thomas & Corbet, Shaen & Hou, Yang (Greg), 2024. "HACKED: Understanding the stock market response to cyberattacks," Journal of International Financial Markets, Institutions and Money, Elsevier, vol. 97(C).
    2. Gao, Ya & Bradrania, Reza, 2024. "Property crime and lottery-related anomalies," Global Finance Journal, Elsevier, vol. 59(C).
    3. Shengkun Xie & Chong Gan, 2023. "Estimating Territory Risk Relativity Using Generalized Linear Mixed Models and Fuzzy C -Means Clustering," Risks, MDPI, vol. 11(6), pages 1-20, May.
    4. Abukari, Kobana & Dutta, Shantanu & Li, Chen & Tang, Songlian & Zhu, Pengcheng, 2024. "Corporate communication and likelihood of data breaches," International Review of Economics & Finance, Elsevier, vol. 94(C).
    5. Guohong, Zheng & Zhongwei, Xia & Feng, He & Zhongyi, Xiao, 2025. "The audit committee’s IT expertise and its impact on the disclosure of cybersecurity risk," Research in International Business and Finance, Elsevier, vol. 73(PA).

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jftint:v:16:y:2024:i:6:p:201-:d:1409209. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.