Paper Type

ERF

Abstract

In an era of increased data breach incidents, researchers and practitioners have focused on specific access vectors such as credential abuse, exploitation of vulnerabilities, phishing, and other factors. Limited attention has been directed to factors that increase the likelihood of a subsequent attack. This paper examines the factors that shift within a firm in the time leading up to a second data breach, drawing on research from the past few months that points to specific organizational and operational factors as strong predictors of subsequent breaches. It proposes that consistent operational factors, such as third-party exposure and share price, along with organizational factors, like multiple executive leadership changes and perceived signals, play a key role in repeat breaches.

Paper Number

1636

Author Connect URL

https://authorconnect.aisnet.org/conferences/AMCIS2025/papers/1636

Comments

SIGSEC

Download
Author Connect Link

Share

COinS
 
Aug 15th, 12:00 AM

Understanding the antecedents of repeat data breach incidents for firms

In an era of increased data breach incidents, researchers and practitioners have focused on specific access vectors such as credential abuse, exploitation of vulnerabilities, phishing, and other factors. Limited attention has been directed to factors that increase the likelihood of a subsequent attack. This paper examines the factors that shift within a firm in the time leading up to a second data breach, drawing on research from the past few months that points to specific organizational and operational factors as strong predictors of subsequent breaches. It proposes that consistent operational factors, such as third-party exposure and share price, along with organizational factors, like multiple executive leadership changes and perceived signals, play a key role in repeat breaches.

When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.