The Impact Of Repeated Data Breach Events On Organisations’ Market Value

Article

Schatz, Daniel and Bashroush, R. 2016. The Impact Of Repeated Data Breach Events On Organisations’ Market Value. Information and Computer Security. 24 (1), pp. 73-92.
AuthorsSchatz, Daniel and Bashroush, R.
Abstract

Purpose – In this study, we examined the influence of one or more information security breaches on an organization’s stock market value as a way to benchmark the wider economic impact of such events.
Design/Methodology/approach – We used an event studies based approach where a measure of the event’s economic impact can be constructed using security prices observed over a relatively short period of time.
Findings – Based on the results, we argue that although no strong conclusions could be made given the current data constraints, there was enough evidence to show that such correlation exists, especially for recurring security breaches.
Research limitations/implications – One of the main limitations of this study was the quantity and quality of published data on security breaches, as organisations tend not to share this information.
Practical implications – One of the challenges in information security management is assessing the wider economic impact of security breaches. Subsequently, this helps drive investment decisions on security programmes that are usually seen as cost rather than moneymaking initiatives.
Originality/value – We envisage that as more breach event data become more widely available due to compliance and regulatory changes, this approach has the potential to emerge as an important tool for information security managers to help support investment decisions.
Keywords - Information Security, Event Based Analysis, Information Security Breaches
Paper type - Research paper

KeywordsInformation Security; Event Based Analysis; Information Security Breaches
JournalInformation and Computer Security
Journal citation24 (1), pp. 73-92
ISSN2056-4961
Year2016
PublisherEmerald
Accepted author manuscript
Web address (URL)http://www.emeraldinsight.com/journal/ics
Publication dates
Print14 Mar 2016
Publication process dates
Deposited03 Dec 2015
Accepted13 Jul 2015
Permalink -

https://repository.uel.ac.uk/item/851y7

Log in to edit

Download files

Accepted author manuscript
postprint_iacs_bashroush_2015.pdf

  • 368
    total views
  • 1836
    total downloads
  • 4
    views this month
  • 8
    downloads this month

Export as

Related outputs

SWOT Analysis of Information Security Management System ISO 27001
Akinyemi, I., Schatz, D. and Bashroush, R. 2020. SWOT Analysis of Information Security Management System ISO 27001. International Journal of Services Operations and Informatics. 10 (4), p. 305–329. https://doi.org/10.1504/IJSOI.2020.111297
Optimizing server refresh cycles: The case for circular economy with an aging Moore’s Law
Bashroush, R., Rteil, N., Kenny, R. and Wynne, A. 2020. Optimizing server refresh cycles: The case for circular economy with an aging Moore’s Law. IEEE Transactions on Sustainable Computing. 7 (1), pp. 189-200. https://doi.org/10.1109/TSUSC.2020.3035234
Case Studies for achieving a Return on Investment with a Hardware Refresh in Organizations with Small Data Centers
Doyle, J. and Bashroush, R. 2020. Case Studies for achieving a Return on Investment with a Hardware Refresh in Organizations with Small Data Centers. IEEE Transactions on Sustainable Computing. 6 (4), pp. 599-611. https://doi.org/10.1109/TSUSC.2020.3031450
Towards Efficient and Scalable Data-Intensive Content Delivery: State-of-the-Art, Issues and Challenges
Kilanioti, Irene, Fernández-Montes, Alejandro, Fernández-Cerero, Damián, Karageorgos, Anthony, Mettouris, Christos, Nejkovic, Valentina, Albanis, Nikolas, Bashroush, R. and Papadopoulos, George A. 2019. Towards Efficient and Scalable Data-Intensive Content Delivery: State-of-the-Art, Issues and Challenges. in: Kołodziej, Joanna and González-Vélez, Horacio (ed.) High-Performance Modelling and Simulation for Big Data Applications: Selected Results of the COST Action IC1406 cHiPSet Springer, Cham.
Security predictions — A way to reduce uncertainty
Schatz, D. and Bashroush, R. 2019. Security predictions — A way to reduce uncertainty. Journal of Information Security and Applications. 45, pp. 107-116. https://doi.org/10.1016/j.jisa.2019.01.009
Towards a More Representative Definition of Cyber Security
Schatz, Daniel, Bashroush, R. and Wall, J. 2017. Towards a More Representative Definition of Cyber Security. Journal of Digital Forensics, Security and Law. 12 (2), pp. 53-74. https://doi.org/10.15394/jdfsl.2017.1476
Representing Variability in Software Architecture: A Systematic Literature Review
Haider, U., Woods, E. and Bashroush, R. 2018. Representing Variability in Software Architecture: A Systematic Literature Review. International Journal of Software Engineering and Computer Systems. 4 (2), pp. 19-37. https://doi.org/10.15282/ijsecs.4.2.2018.2.0046
A Comprehensive Reasoning Framework for Hardware Refresh in Data Centers
Bashroush, R. 2018. A Comprehensive Reasoning Framework for Hardware Refresh in Data Centers. IEEE Transactions on Sustainable Computing. 3 (4), pp. 209-220. https://doi.org/10.1109/TSUSC.2018.2795465
The ALI Architecture Description Language
Haider, U., McGregor, John D. and Bashroush, R. 2018. The ALI Architecture Description Language. ACM SIGSOFT Software Engineering Notes. 43 (4), pp. 52-52. https://doi.org/10.1145/3282517.3282545
Integration operators for generating RDF/OWL-based user defined mediator views in a grid environment
Tawil, Abdel-Rahman H., Taweel, Adel, Naeem, U., Montebello, Matthew, Bashroush, R. and Al-Nemrat, A. 2014. Integration operators for generating RDF/OWL-based user defined mediator views in a grid environment. Journal of Intelligent Information Systems. 43 (1), pp. 1-32. https://doi.org/10.1007/s10844-013-0300-5
Jolinar: Analysing the Energy Footprint of Software Applications (demo)
Noureddine, A., Islam, S. and Bashroush, R. 2016. Jolinar: Analysing the Energy Footprint of Software Applications (demo). in: Proceedings of the 25th International Symposium on Software Testing and Analysis New York, NY, USA Association for Computing Machinery (ACM). pp. 445-448
Architectural Principles for Energy-Aware Internet-Scale Applications
Bashroush, R. and Woods, E. 2017. Architectural Principles for Energy-Aware Internet-Scale Applications. IEEE Software. 34 (3), pp. 14-17. https://doi.org/10.1109/MS.2017.60
CASE Tool support for variability management in software product lines
Bashroush, R., Garba, M., Rabiser, R., Groher, I. and Botterweck, G. 2017. CASE Tool support for variability management in software product lines. ACM Computing Surveys. 50 (Art. 14). https://doi.org/10.1145/3034827
gUML: Reasoning about Energy at Design Time by Extending UML Deployment Diagrams with Data Centre Contextual Information
Jebraeil, Nigar, Noureddine, A., Doyle, J., Islam, S. and Bashroush, R. 2017. gUML: Reasoning about Energy at Design Time by Extending UML Deployment Diagrams with Data Centre Contextual Information. in: 2017 IEEE World Congress on Services (SERVICES) IEEE. pp. In Press
Cloud Strife: Expanding the Horizons of Cloud Gaming Services
Doyle, J., Islam, S., Bashroush, R. and O'Mahony, Donal 2017. Cloud Strife: Expanding the Horizons of Cloud Gaming Services. in: 2017 IEEE World Congress on Services (SERVICES) IEEE.
MUSA: A Scalable Multi-Touch and Multi-Perspective Variability Management Tool
Garba, Muhammad, Noureddine, Adel and Bashroush, R. 2016. MUSA: A Scalable Multi-Touch and Multi-Perspective Variability Management Tool. in: 2016 13th Working IEEE/IFIP Conference on Software Architecture (WICSA) IEEE. pp. 299-302
Economic Valuation for Information Security Investment: A Systematic Literature Review
Schatz, Daniel and Bashroush, R. 2016. Economic Valuation for Information Security Investment: A Systematic Literature Review. Information Systems Frontiers. 19 (5), pp. 1205-1228. https://doi.org/10.1007/s10796-016-9648-8
Modelling large-scale information systems using ADLs – An industrial experience report
Woods, Eoin and Bashroush, R. 2014. Modelling large-scale information systems using ADLs – An industrial experience report. The Journal of Systems and Software. 99 (1), pp. 97-108.
Activities of daily life recognition using process representation modelling to support intention analysis
Naeem, U., Bashroush, R., Anthony, Richard, Azam, Muhammad Awais, Tawil, Abdel Rahman, Lee, S. and Mou-Ling, Dennis 2015. Activities of daily life recognition using process representation modelling to support intention analysis. International Journal of Pervasive Computing and Communications. 11 (3), pp. 347-371. https://doi.org/10.1108/IJPCC-01-2015-0002
Using an Architecture Description Language to Model a Large- Scale Information System – An Industrial Experience Report
Woods, Eoin and Bashroush, R. 2012. Using an Architecture Description Language to Model a Large- Scale Information System – An Industrial Experience Report. Proceedings of the Joint 10th Working IEEE/IFIP Conference on Software Architecture & 6th European Conference on Software Architecture. Helsinki Finland Aug 2012
The contribution of architecture description languages to the evaluation of software architectures
Bashroush, R., Spence, Ivor, Kilpatrick, Peter and Brown, John 2004. The contribution of architecture description languages to the evaluation of software architectures.
Using the NaSr Architectural Style to Solve the Broken Hyperlink Problem
Bashroush, R., Spence, Ivor, Kilpatrick, Peter and Brown, John 2004. Using the NaSr Architectural Style to Solve the Broken Hyperlink Problem.
Towards an Automated Evaluation Process for Software Architectures
Bashroush, R., Spence, Ivor, Kilpatrick, Peter and Brown, John 2004. Towards an Automated Evaluation Process for Software Architectures.
A Real-time Network Emulator: ADLARS Case Study
Bashroush, R., Spence, Ivor, Kilpatrick, Peter and Brown, John 2004. A Real-time Network Emulator: ADLARS Case Study.
A Network Architectural Style for Real-time Systems: NaSr
Bashroush, R., Spence, Ivor, Kilpatrick, Peter and Brown, John 2004. A Network Architectural Style for Real-time Systems: NaSr.
Deriving Product Architectures from an ADLARS Described Reference Architecture using Leopard
Bashroush, R., Spence, Ivor, Kilpatrick, Peter and Brown, John 2004. Deriving Product Architectures from an ADLARS Described Reference Architecture using Leopard.
Feature Guided Architecture Development for Embedded System Families
Brown, John, Bashroush, R., Gillan, Charles, Spence, Ivor and Kilpatrick, Peter 2005. Feature Guided Architecture Development for Embedded System Families.
A Generic Reference Software Architecture for Load Balancing Over Mirrored Web Servers: NaSr Case Study
Bashroush, R., Spence, Ivor, Kilpatrick, Peter and Brown, John 2005. A Generic Reference Software Architecture for Load Balancing Over Mirrored Web Servers: NaSr Case Study.
ADLARS: An Architecture Description Language for Software Product Lines
Bashroush, R., Spence, Ivor, Kilpatrick, Peter and Brown, John 2005. ADLARS: An Architecture Description Language for Software Product Lines.
Weaving Behaviour into Feature Models for Embedded System Families
Brown, John, Gawley, Rachel, Bashroush, R., Spence, Ivor, Kilpatrick, Peter and Gillan, Charles 2006. Weaving Behaviour into Feature Models for Embedded System Families.
Towards More Flexible Architecture Description Languages for Industrial Applications
Bashroush, R., Spence, Ivor, Kilpatrick, Peter and Brown, John 2006. Towards More Flexible Architecture Description Languages for Industrial Applications. in:
Towards Performance Related Decision Support for Model Driven Engineering of Enterprise SOA Applications
Fritzsche, M, Gilani, Wasif, Spence, Ivor, Kilpatrick, Peter, Brown, John and Bashroush, R. 2008. Towards Performance Related Decision Support for Model Driven Engineering of Enterprise SOA Applications. in: Schierferdecker, Ina and Hartman, Alan (ed.) Model Driven Architecture – Foundations and Applications Springer.
A Multiple Views Model for Variability Management in Software Product Lines
Bashroush, R., Spence, Ivor, Kilpatrick, Peter, Brown, John and Gillan, Charles 2008. A Multiple Views Model for Variability Management in Software Product Lines. Proceedings of the Second International Workshop on Variability Modelling of Software-intensive Systems (VaMoS2008). Essen, Germany 16 - 18 Jan 2008
ALI: An Extensible Architecture Description Language for Industrial Applications
Bashroush, R., Spence, Ivor, Kilpatrick, Peter, Brown, John, Gilani, Wasif and Fritzsche, M 2008. ALI: An Extensible Architecture Description Language for Industrial Applications. in: Springer.
Towards Performance Related Decision Support for Model Driven Engineering of Enterprise SOA Applications
Bashroush, R. and Spence, Ivor 2008. Towards Performance Related Decision Support for Model Driven Engineering of Enterprise SOA Applications. in: Proceedings of 15th IEEE International Conference on Engineering of Computer-Based Systems (ECBS) IEEE. pp. 57-65
A Scalable Multiple Perspective Variability Management CASE Tool
Bashroush, R. 2010. A Scalable Multiple Perspective Variability Management CASE Tool. 14th International Software Product Line Conference (SPLC). South Korea Sep 2010
A NUI Based Multiple Perspective Variability Modelling CASE Tool
Bashroush, R. 2010. A NUI Based Multiple Perspective Variability Modelling CASE Tool. in: Babar, Muhammad Ali and Gorton, IAn (ed.) Software Architecture: Proceedings of 4th European Conference, ECSA 2010, Copenhagen, Denmark, August 23-26, 2010 Springer.
Logical Reasoning and Decision Making
Ong, D, Khaddaj, Souheil and Bashroush, R. 2011. Logical Reasoning and Decision Making. 10th IEEE International Conference on Cybernetic Intelligent Systems. London Aug 2011
A Provisioning Model towards OAuth 2.0 Optimization
Nouriddine, Moustafa and Bashroush, R. 2011. A Provisioning Model towards OAuth 2.0 Optimization. 10th IEEE International Conference on Cybernetic Intelligent Systems. London Sep 2011
A Performance Optimization Model towards OAuth 2.0 Adoption in the Enterprise
Nouriddine, Moustafa and Bashroush, R. 2011. A Performance Optimization Model towards OAuth 2.0 Adoption in the Enterprise. Proceedings of the 7th International Conference on Global Security, Safety & Sustainability (ICGS3). Greece Aug 2011
Modality Cost Analysis: A Methodology for Cost Effective Datacenter Capacity Planning in the Cloud
Nouriddine, Moustafa and Bashroush, R. 2011. Modality Cost Analysis: A Methodology for Cost Effective Datacenter Capacity Planning in the Cloud.
Modality Cost Analysis Based Methodology for Cost Effective Datacenter Capacity Planning in the Cloud
Nouriddine, Moustafa and Bashroush, R. 2011. Modality Cost Analysis Based Methodology for Cost Effective Datacenter Capacity Planning in the Cloud. Ubiquitous Computing and Communication Journal.
Sufficiency of Windows Event log as Evidence in Digital Forensics
Ibrahim, Nurdeen, Al-Nemrat, Ameer, Jahankhani, Hamid and Bashroush, R. 2011. Sufficiency of Windows Event log as Evidence in Digital Forensics. Proceedings of the 7th International Conference on Global Security, Safety & Sustainability (ICGS3). Greece Aug 2011
GSi Compliant RAS for Public Private Sector Partnership
Fawzi, Fawzi and Bashroush, R. 2011. GSi Compliant RAS for Public Private Sector Partnership. Proceedings of the 7th International Conference on Global Security, Safety & Sustainability (ICGS3). Greece Aug 2011
Case Study: Using ADLARS to Design and Develop a Real-Time Network Emulator
Bashroush, R., Al-Nemrat, Ameer, Bachrouch, Mohammad and Spence, Ivor 2011. Case Study: Using ADLARS to Design and Develop a Real-Time Network Emulator. Proceedings of the International Conference on Information and Communication Systems (ICICS 2011). Jordan May 2011
Visualizing Variability Models Using Hyperbolic Trees
Bashroush, R., Al-Nemrat, Ameer, Bachrouch, Mohammad and Jahankhani, Hamid 2011. Visualizing Variability Models Using Hyperbolic Trees. Proceedings of the 23rd International Conference on Advanced Information Systems Engineering Forum(CAiSE Forum 2011). London Jun 2011
A Cost Effective Cloud Datacenter Capacity Planning Method Based on Modality Cost Analysis
Bashroush, R. and Nouriddine, Moustafa 2013. A Cost Effective Cloud Datacenter Capacity Planning Method Based on Modality Cost Analysis. International Journal of Communication Networks and Distributed Systems. 11 (3), pp. 250-261.
Challenges in the Application of Feature Modelling in Fixed Line Telecommunications
Gillan, Charles, Kilpatrick, Peter, Spence, Ivor, Brown, T. John, Bashroush, R. and Gawley, Rachel 2007. Challenges in the Application of Feature Modelling in Fixed Line Telecommunications. Proceedings of the First International Workshop on Variability Modelling of Software-intensive Systems (VaMoS 2007), Lemrick, Ireland, Jan 16 -18, 2007. C Gillan
Using a Software Product Line Approach in Designing Grid Services
Bashroush, R. and Perrott, Ronald 2005. Using a Software Product Line Approach in Designing Grid Services. 4th UK e-Science All Hands Meeting (AHM2005). Nottingham, UK Sep 2005
Requirements Modelling and Design Notations for Software Product Lines
Brown, T. John, Gawley, Rachel, Spence, Ivor, Kilpatrick, Peter, Gillan, Charles and Bashroush, R. 2007. Requirements Modelling and Design Notations for Software Product Lines. Proceedings of the First International Workshop on Variability Modelling of Software-intensive Systems (VaMoS2007), Lemrick, Ireland, Jan 16-18, 2007. T J. Brown