MODELING ORGANIZATIONAL VULNERABILITY TO DATA BREACHES USING MODERN CRIME THEORY

Abstract

Research on data security generally highlights the need to identify the variables associated to security breaches, hoping to avoid future information security disasters. The complexity of protecting sensitive data inside an organisation has increased with the development of digital technologies. Even while data security research is expanding, there aren't many studies that particularly look at the causes of information security breaches in businesses. Previous studies have focused studied the security posture of firms and organizations, concentrating on the breach kind and location. Few studies, nonetheless, have looked at outside variables that can increase an organization's susceptibility to information security breaches. By using contemporary criminal theory (MCT) to examine the exogenous elements impacting the victimisation of public and private organisations to data breach occurrences, the present research fills this gap in the literature. We examine the effects of attraction, visibility, and guardianship on the probability of data breaches using knowledge about the technological, organisational, and financial characteristics of organisations as well as insights from crime theories. To investigate the connection between these variables as separate predictors of data breaches, we develop a theoretical model. A covariance-based structural equation modeling (CB-SEM) based methodology is designed to undertake a complete assessment of the dynamics within the setting of cybercrime. The validity of the suggested constructs is supported by this study's analysis of data gathered from 4,868 organisations, which shows a strong match between the hypothesised model and the data. The study's findings support the application of MCT to information security breach research and make it possible to pinpoint the main exogenous variables affecting data breaches, such as the allure of valuable data and the efficacy of guardianship measures.