Estimates for Reasonable Data Breach Prevention

22 Pages Posted: 13 Jun 2015 Last revised: 5 May 2017

See all articles by Sarah Oh

Sarah Oh

Technology Policy Institute

Date Written: June 12, 2015


Firms spend operating costs to mitigate the risk of data breach events. However, firms may not know how much to spend to prevent data breach events with varying incidence frequencies. I present a model that estimates the relationship of breach prevention spending to breach incidence rates for individual firms. After constructing a likelihood function, I use simulated results to show parameter estimates for a range of spending and breach frequencies. Probabilities for counterfactual scenarios are available as well. This model can accommodate variation in firm size, security spending, incidence frequency, and breach types. Estimates can show whether a firm’s breach prevention efforts fall within a range of industry averages.

Keywords: Data breach prevention, Data breach litigation

JEL Classification: K20, K40, L20

Suggested Citation

Oh, Sarah, Estimates for Reasonable Data Breach Prevention (June 12, 2015). GMU Working Paper in Economics, Available at SSRN: or

Sarah Oh (Contact Author)

Technology Policy Institute ( email )

1401 Eye St. NW
Suite 505
Washington, DC 20005
United States
2028284405 (Phone)
2028284405 (Fax)

Here is the Coronavirus
related research on SSRN

Paper statistics

Abstract Views
PlumX Metrics