Breaching the Perimeter: An Exploration of Patterns in Data Breach Environments 2005-2018

Abstract

This investigation explores patterns in the environment characteristics of US data breaches 2005-2018 using the Privacy Rights Clearinghouse Data Breach Chronology. More specifically, it uses two probit regression models to determine the relationship between attack/breach types, data types compromised and the following variables: organization type of breached entity, magnitude of data breach, day of week of breach, and week of year of breach. These regressions yielded many results given the large number of variables examined, a few of which are of particular interest. These include the high probability of data breaches resulting from errors on the part of educational institutions, government & military organizations, and medical organizations; and of breaches resulting from hacking/malware at business-type organizations. Conversely, both government & military and medical organizations are shown to have relatively low probabilities of succumbing to hacking/malware attacks. The notable results of this investigation are used to formulate recommendations for the relevant organization types on ways in which they can better protect themselves from data breaches in the future.