IDEAS home Printed from https://ideas.repec.org/a/spr/eurphb/v89y2016i1d10.1140_epjb_e2015-60754-4.html
   My bibliography  Save this article

The extreme risk of personal data breaches and the erosion of privacy

Author

Listed:
  • Spencer Wheatley

    (ETH Zurich, Department of Management)

  • Thomas Maillart

    (School of Information, University of California)

  • Didier Sornette

    (ETH Zurich, Department of Management)

Abstract

Personal data breaches from organisations, enabling mass identity fraud, constitute an extreme risk. This risk worsens daily as an ever-growing amount of personal data are stored by organisations and on-line, and the attack surface surrounding this data becomes larger and harder to secure. Further, breached information is distributed and accumulates in the hands of cyber criminals, thus driving a cumulative erosion of privacy. Statistical modeling of breach data from 2000 through 2015 provides insights into this risk: A current maximum breach size of about 200 million is detected, and is expected to grow by fifty percent over the next five years. The breach sizes are found to be well modeled by an extremely heavy tailed truncated Pareto distribution, with tail exponent parameter decreasing linearly from 0.57 in 2007 to 0.37 in 2015. With this current model, given a breach contains above fifty thousand items, there is a ten percent probability of exceeding ten million. A size effect is unearthed where both the frequency and severity of breaches scale with organisation size like s 0.6. Projections indicate that the total amount of breached information is expected to double from two to four billion items within the next five years, eclipsing the population of users of the Internet. This massive and uncontrolled dissemination of personal identities raises fundamental concerns about privacy.

Suggested Citation

  • Spencer Wheatley & Thomas Maillart & Didier Sornette, 2016. "The extreme risk of personal data breaches and the erosion of privacy," The European Physical Journal B: Condensed Matter and Complex Systems, Springer;EDP Sciences, vol. 89(1), pages 1-12, January.
    • Handle: RePEc:spr:eurphb:v:89:y:2016:i:1:d:10.1140_epjb_e2015-60754-4
    DOI: 10.1140/epjb/e2015-60754-4
    as

    Download full text from publisher

    File URL: http://link.springer.com/10.1140/epjb/e2015-60754-4
    File Function: Abstract
    Download Restriction: Access to the full text of the articles in this series is restricted.
    File URL: https://libkey.io/10.1140/epjb/e2015-60754-4?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Eling, Martin & Loperfido, Nicola, 2017. "Data breaches: Goodness of fit, pricing, and risk measurement," Insurance: Mathematics and Economics, Elsevier, vol. 75(C), pages 126-136.
    2. Gareth W. Peters & Matteo Malavasi & Georgy Sofronov & Pavel V. Shevchenko & Stefan Trück & Jiwook Jang, 2023. "Cyber loss model risk translates to premium mispricing and risk sensitivity," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 372-433, April.
    3. Eling, Martin & Jung, Kwangmin, 2018. "Copula approaches for modeling cross-sectional dependence of data breach losses," Insurance: Mathematics and Economics, Elsevier, vol. 82(C), pages 167-180.
    4. Omer Ilker Poyraz & Mustafa Canan & Michael McShane & C. Ariel Pinto & T. Steven Cotter, 2020. "Cyber assets at risk: monetary impact of U.S. personally identifiable information mega data breaches," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 45(4), pages 616-638, October.
    5. Kjartan Palsson & Steinn Gudmundsson & Sachin Shetty, 0. "Analysis of the impact of cyber events for cyber insurance," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 0, pages 1-16.
    6. Ulrik Franke & Amanda Hoxell, 2020. "Observable Cyber Risk on Cournot Oligopoly Data Storage Markets," Risks, MDPI, vol. 8(4), pages 1-15, November.
    7. Daouia, Abdelaati & Stupfler, Gilles & Usseglio-Carleve, Antoine, 2023. "Bias-reduced and variance-corrected asymptotic Gaussian inference about extreme expectiles," TSE Working Papers 23-1444, Toulouse School of Economics (TSE), revised Nov 2023.
    8. Farkas, Sébastien & Lopez, Olivier & Thomas, Maud, 2021. "Cyber claim analysis using Generalized Pareto regression trees with applications to insurance," Insurance: Mathematics and Economics, Elsevier, vol. 98(C), pages 92-105.
    9. Martin Eling & Michael McShane & Trung Nguyen, 2021. "Cyber risk management: History and future research directions," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 24(1), pages 93-125, March.
    10. Alessandro Mazzoccoli & Maurizio Naldi, 2022. "An Overview of Security Breach Probability Models," Risks, MDPI, vol. 10(11), pages 1-29, November.
    11. Kjartan Palsson & Steinn Gudmundsson & Sachin Shetty, 2020. "Analysis of the impact of cyber events for cyber insurance," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 45(4), pages 564-579, October.
    12. Spencer Wheatley & Annette Hofmann & Didier Sornette, 2021. "Addressing insurance of data breach cyber risks in the catastrophe framework," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 46(1), pages 53-78, January.
    13. Benjamin Avanzi & Xingyun Tan & Greg Taylor & Bernard Wong, 2023. "On the evolution of data breach reporting patterns and frequency in the United States: a cross-state analysis," Papers 2310.04786, arXiv.org, revised Jun 2024.
    14. Daniel Zängerle & Dirk Schiereck, 2023. "Modelling and predicting enterprise-level cyber risks in the context of sparse data availability," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 434-462, April.
    15. Alessandro Mazzoccoli, 2023. "Optimal Cyber Security Investment in a Mixed Risk Management Framework: Examining the Role of Cyber Insurance and Expenditure Analysis," Risks, MDPI, vol. 11(9), pages 1-14, August.
    16. Jevtić, Petar & Lanchier, Nicolas, 2020. "Dynamic structural percolation model of loss distribution for cyber risk of small and medium-sized enterprises for tree-based LAN topology," Insurance: Mathematics and Economics, Elsevier, vol. 91(C), pages 209-223.
    17. Domenico Giovanni & Arturo Leccadito & Marco Pirra, 2021. "On the determinants of data breaches: A cointegration analysis," Decisions in Economics and Finance, Springer;Associazione per la Matematica, vol. 44(1), pages 141-160, June.
    18. Zängerle, Daniel & Schiereck, Dirk, 2022. "Modelling and predicting enterprise‑level cyber risks in the context of sparse data availability," Publications of Darmstadt Technical University, Institute for Business Studies (BWL) 136276, Darmstadt Technical University, Department of Business Administration, Economics and Law, Institute for Business Studies (BWL).
    19. Bennet Skarczinski & Mathias Raschke & Frank Teuteberg, 2023. "Modelling maximum cyber incident losses of German organisations: an empirical study and modified extreme value distribution approach," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 463-501, April.
    20. Meng Sun & Yi Lu, 2022. "A Generalized Linear Mixed Model for Data Breaches and Its Application in Cyber Insurance," Risks, MDPI, vol. 10(12), pages 1-23, November.

    More about this item

    Keywords

    Statistical and Nonlinear Physics;

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:spr:eurphb:v:89:y:2016:i:1:d:10.1140_epjb_e2015-60754-4. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: http://www.springer.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.