Statistical analysis of relationships of US organisations’ size, popularity, age and location to frequency of data breaches

Abstract

Given the widespread occurrence of data breaches, it is useful for consumers to learn which factors of an organisation, for example, size, popularity or location, will contribute to increased data breach risks. Existing work on risk assessment requires detailed internal information of an information system, which is not available to the public. Furthermore, organisations typically do not want results of such analysis of their IT systems to be made public. This paper conducts comprehensive statistical analyses of the relationships between publicly available information to frequency of data breaches. The publicly available information includes size-related characteristics such as revenue, number of employees, population served and enrolment, popularity-related characteristics such as number of Google Search results, age of the organisation and location of the organisation. We used Pearson, Spearman and Kendall correlation analysis methods to test whether these characteristics are indicators for frequent data breaches for different types of US organisations. We also used linear regression to predict the frequency of data breaches. The results verified that many of these indicators have significant correlation to organisations’ frequency of data breaches. The result of this paper can help consumers make more informed decisions with respect to risks of data breaches.