394,533 research outputs found

    The Impact of Data Breach Announcements on Company Value in European Markets

    Recent research on the economic impact of data breach announcements on publicly listed companies was found to be sparse, with the majority of existing studies having a strong US bias. Here, a dataset of 45 data breach disclosures between 2017 and 2019 relevant to European publicly listed companies was hand-gathered (from various sources) and detailed analyses of share price impact carried out using event study techniques with the aim of supporting business cases for firms to invest in cyber security. Differences from existing studies (in particular, the US market) are highlighted and discussed along with pointers to future research in this area. Although some evidence of negative cumulative abnormal returns (CAR) in the days surrounding the announcement was observed, along with one extreme case leading to insolvency, the results were not statistically significant overall with the notable exception of the Spanish market, which appeared to be more sensitive to data breaches, reacting rapidly. Therefore, justification for cyber security investment purely based on the market value effect of a data breach disclosure would be challenging. Other factors would need to be taken into consideration such as risk appetite, industry sector and nature of the information compromised as well as relevant legislation. Certain other observations were noted such as the lack of a comprehensive breach database for Europe (unlike the US) and the effect of the introduction of the General Data Protection Regulation (GDPR). This research would be of benefit to business management, practitioners of cyber security, investors and shareholders as well as researchers in cyber security or related fields.

    Formal Analysis of Vulnerabilities of Web Applications Based on SQL Injection (Extended Version)

    We present a formal approach that exploits attacks related to SQL Injection (SQLi) searching for security flaws in a web application. We give a formal representation of web applications and databases, and show that our formalization effectively exploits SQLi attacks. We implemented our approach in a prototype tool called SQLfast and we show its efficiency on real-world case studies, including the discovery of an attack on Joomla! that no other tool can find.

    Determining military expenditures: arms races and spill-over effects in cross-section and panel data

    This paper considers the determinants of military spending, building on an emerging literature that estimates military expenditure demand functions in cross-section and panel data, incorporating ‘arms-race’ type effects. It updates Dunne and Perlo-Freeman (2003b) using the SIPRI military expenditure database for the period 1988-2003, finding broadly similar results. It also shows differences in results across panel methods, particularly the within and between estimates, and illustrates the importance of recognising and modelling dynamic processes within panel data. Heterogeneity is also found to be an important issue and when countries are broken up into groups on the basis of per capita income there is no obvious systematic pattern in the results. This is seen to imply that the demand for military spending, even between two mutually hostile powers, may depend on the whole nature of the relationship between them (and other countries and events in the region), and not simply Richardsonian action-reaction patterns.

    CONDOR: A Hybrid IDS to Offer Improved Intrusion Detection

    Intrusion Detection Systems are an accepted and very useful option to monitor and detect malicious activities. However, Intrusion Detection Systems have inherent limitations which lead to false positives and false negatives; we propose that combining signature and anomaly based IDSs should be examined. This paper contrasts signature and anomaly-based IDSs, and critiques some proposals about hybrid IDSs with signature and heuristic capabilities, before considering some of their contributions in order to include them as main features of a new hybrid IDS named CONDOR (COmbined Network intrusion Detection ORientate), which is designed to offer superior pattern analysis and anomaly detection by reducing false positive rates and administrator intervention.

    The flight of the white collars

    By analyzing two novel data sets from Turkey, we provide empirical evidence for yet another negative consequence of civil conflicts. We show that the long running civil conflict in Turkey has been driving away doctors and other medical personnel from conflict areas, and the availability of medical personnel is positively associated with public health. By doing so, we illuminate an important, yet never analyzed before mechanism through which civil conflicts exert their long-term negative influences on the most important "life chances" of societies, namely, the chance to lead a healthy life. We then proceed to provide some evidence that a similar dynamic is in play in education as well.

    SHE based Non Interactive Privacy Preserving Biometric Authentication Protocols

    Being unique and immutable for each person, biometric signals are widely used in access control systems. While biometric recognition appeases concerns about password theft or loss, at the same time it raises concerns about individual privacy. Central servers store several enrolled biometrics, hence security against theft must be provided during biometric transmission and against those who have access to the database. If a server's database is compromised, other systems using the same biometric templates could be compromised as well. One solution is to encrypt the stored templates. Nonetheless, when using a traditional cryptosystem, data must be decrypted before executing the protocol, leaving the database vulnerable. To overcome this problem and protect both the server and the client, biometrics should be processed while encrypted. This is possible by using secure two-party computation protocols, mainly based on Garbled Circuits (GC) and additive Homomorphic Encryption (HE). Both GC and HE based solutions are efficient yet interactive, meaning that the client takes part in the computation. Instead, in this paper we propose a non-interactive protocol for privacy preserving biometric authentication based on a Somewhat Homomorphic Encryption (SHE) scheme, modified to handle integer values, and also suggest a blinding method to protect the system from spoofing attacks. Although our solution is not as efficient as the ones based on GC or HE, the protocol needs no interaction, moving the computation entirely to the server side and leaving only input encryption and output decryption to the client.