IEEE Access (Jan 2024)

Assessing Data Breach Factors Through Modern Crime Theory: A Structural Equation Modeling Approach

  • Narjisse Nejjari,
  • Karim Zkik,
  • Hicham Hammouchi,
  • Mounir Ghogho,
  • Houda Benbrahim

DOI
https://doi.org/10.1109/ACCESS.2024.3423651
Journal volume & issue
Vol. 12
pp. 92198 – 92214

Abstract

Read online

Research into data security often emphasizes the need to understand the factors linked to security breaches, aiming to prevent future information security incidents. The advancement of digital technology has made safeguarding an organization’s sensitive data more complex. Despite the growth of research in data security, there’s currently a shortage of studies that specifically investigate the factors contributing to information security breaches in organizations. Previous studies have primarily examined the security posture of companies and organizations, focusing on the breach type and location. However, few studies have explored external factors that may contribute to organizations’ vulnerability to information security breaches. The current study addresses this gap in the literature by integrating modern crime theory (MCT) to investigate the exogenous factors influencing the victimization of public and private organizations to data breach incidents. We use insights from crime theories and information about organizations’ technical, organizational, and financial aspects to investigate how attractiveness, visibility, and guardianship affect the likelihood of data breaches. We build a theoretical model to explore the relationship between these factors as independent predictors of data breaches. A covariance-based structural equation modeling (CB-SEM) based framework is developed to conduct a comprehensive examination of the dynamics within the context of cybercrime. Through the examination of collected data from 4,868 organizations, this study demonstrates a good fit of the hypothesized model to the data, supporting the validity of the proposed constructs. The results of this study validate the use of MCT in the study of information security breach, and enable the identification of the major exogenous factors influencing data breaches, such as the attractiveness of valuable data and effectiveness of guardianship measures.

Keywords