Communication of Data Breaches Through Financial Statements: A Text Analysis Perspective

Data breaches of companies in various industry segments have seen a significant increase over the past decade. Consumer data ranging from emails and bank account information to health information has been compromised through such data breaches that have raised grave information security and privacy concerns among the users and the organizations alike. Companies that are experiencing these data breaches have an obligation to communicate information about these incidents to their stakeholders and they do so through their financial reports. In this article, we analyze financial reports from a text analysis standpoint to identify key trends and formulate theoretical propositions. In that regard, we build on legitimacy theory as a foundation, and consider several factors such as the size of the data breach, type of information compromised, and coverage in the media

Firm Actions Toward Data Breach Incidents and Firm Equity Value: An Empirical Study

Managing information resources including protecting the privacy of customer data plays a critical role in most firms. Data breach incidents may be extremely costly for firms. In the face of a data breach event, some firms are reluctant to disclose information to the public. Firm may be concerned with the potential drop in the market value following the revelation of a data breach. This paper examines the impact of data breach incidents to the firm’s market value/equity value, and explores the possibility that certain firm behaviors may reduce the cost of the incidents. We use regression analysis to identify the factors that affect cumulative abnormal stock return (CAR). Our results indicate that when data breach happens, firms not only should notify customers or the public timely, but also try to control the amount of information disclosed. These findings should provide corporate executives with guidance on managing public disclosure of data breach incidents

Privacy and Security Information Awareness and Disclosure of Private Information by Users of Online Social Media in the Ibadan Metropolis, Nigeria

The purpose of this paper is to investigate information privacy and security awareness among online social media (OSM) users in the Ibadan metropolis, Nigeria. Building upon the social exchange theory, some factors that could influence the disclosure of private information on social media were identified. Findings from the analysis of data of 255 respondents revealed that most were aware of information privacy and security measures available on OSM, and the risks associated with the disclosure of private information on OSM. Privacy and security awareness, the perception of benefits associated with the use of OSM, the perception of risks associated with the use of OSM, trust in the security of OSM, and the respondents’ privacy and security self-efficacy influenced the disclosure of private information, while gender did not. Social media providers should provide more enlightenment on privacy settings available on the platforms to create more security and privacy consciousness

Timing in Information Security: An Event Study on the Impact of Information Security Investment Announcements

Timing plays a crucial role in the context of information security investments: We regard timing in two dimensions, namely the time of announcement in relation to the time of investment and the time of announcement in relation to the time of a fundamental security incident. The financial value of information security investments is assessed by examining the relationship between the investment announcements and their stock market reaction focusing on the two time dimensions. Using an event study methodology, we found that both dimensions influence the stock market return of the investing organization. In particular: (1) after fundamental security incidents in a given industry, the stock price will react more positively to a firm’s announcement of actual information security investments than to announcements of the intention to invest; (2) the stock price will react more positively to a firm’s announcements of the intention to invest after the fundamental security incident compared to before; and (3) the stock price will react more positively to a firm’s announcements of actual information security investments after the fundamental security incident compared to before. Overall, the lowest abnormal return can be expected when the intention to invest is announced before a fundamental information security incident and the highest return when actual investing after a fundamental information security incident in the respective industry

A Framework for Effective Corporate Communication after Cyber Security Incidents

A major cyber security incident can represent a cyber crisis for an organisation, in particular because of the associated risk of substantial reputational damage. As the likelihood of falling victim to a cyberattack has increased over time, so too has the need to understand exactly what is effective corporate communication after an attack, and how best to engage the concerns of customers, partners and other stakeholders. This research seeks to tackle this problem through a critical, multi-faceted investigation into the efficacy of crisis communication and public relations following a data breach. It does so by drawing on academic literature, obtained through a systematic literature review, and real-world case studies. Qualitative data analysis is used to interpret and structure the results, allowing for the development of a new, comprehensive framework for corporate communication to support companies in their preparation and response to such events. The validity of this framework is demonstrated by its evaluation through interviews with senior industry professionals, as well as a critical assessment against relevant practice and research. The framework is further refined based on these evaluations, and an updated version defined. This research represents the first grounded, comprehensive and evaluated proposal for characterising effective corporate communication after cyber security incidents

Relationship Between Corporate Governance and Information Security Governance Effectiveness in United States Corporations

Cyber attackers targeting large corporations achieved a high perimeter penetration success rate during 2013, resulting in many corporations incurring financial losses. Corporate information technology leaders have a fiduciary responsibility to implement information security domain processes that effectually address the challenges for preventing and deterring information security breaches. Grounded in corporate governance theory, the purpose of this correlational study was to examine the relationship between strategic alignment, resource management, risk management, value delivery, performance measurement implementations, and information security governance (ISG) effectiveness in United States-based corporations. Surveys were used to collect data from 95 strategic and tactical leaders of the 500 largest for-profit United States headquartered corporations. The results of the multiple linear regression indicated the model was able to significantly predict ISG effectiveness, F(5, 89) = 3.08, p = 0.01, R² = 0.15. Strategic alignment was the only statistically significant (t = 2.401, p \u3c= 0.018) predictor. The implications for positive social change include the potential to constructively understand the correlates of ISG effectiveness, thus increasing the propensity for consumer trust and reducing consumers' costs

Users’ perception of Facebook data use and data privacy concerns: the Nigerian case

The study investgated Nigerian Facebook users’ perception of Facebook’s data use and data privacy concerns from the perspective of the sense making theory, the theory of planned behaviour and the privacy calculus theory. It evaluated the users’ information sharing and seeking behaviour when using the platform, factors that promoted and impeded information seeking behaviour, differences in Facebook use across different population groups, level of awareness of Facebook’s data mining business model, level of trust in Facebook and the magnitude, causes and impact of data privacy concerns. A mixed methods research approach was adopted as the study involved collection of both qualitative and quantitative data. Qualitative data was collected through 30 semi-structured interviews involving Facebook users in Nigeria. The quantitative data was collected through an online survey that involved 389 respondents that were Facebook users in Nigeria. The qualitative data collected was evaluated through the thematic content analysis approach while the quantitative data collected was analysed through statistical analysis using SPSS. The study’s findings make an innovative contribution to existing knowledge on Nigerian Facebook users’ information sharing and seeking behaviour, data privacy concerns and trust in the platform from the perspective of the sense making theory, the theory of planned behaviour and the privacy calculus model. At the time of this study, there was limited literature coverage of the above issues from the perspective of the sense making theory, the theory of planned behaviour and the privacy calculus model. From a sense making perspective, the findings of the study indicated that regardless of Nigerian Facebook users’ level of education attainment, ethnicity, and occupation, they were likely to primarily use Facebook for purposes of content sharing and entertainment. The study’s findings indicated that data privacy concerns among Facebook users in Nigeria negatively impacted their intention to share information on the platform