Estimates for Reasonable Data Breach Prevention
22 Pages Posted: 13 Jun 2015 Last revised: 5 May 2017
Date Written: June 12, 2015
Firms spend operating costs to mitigate the risk of data breach events. However, firms may not know how much to spend to prevent data breach events with varying incidence frequencies. I present a model that estimates the relationship of breach prevention spending to breach incidence rates for individual firms. After constructing a likelihood function, I use simulated results to show parameter estimates for a range of spending and breach frequencies. Probabilities for counterfactual scenarios are available as well. This model can accommodate variation in firm size, security spending, incidence frequency, and breach types. Estimates can show whether a firm’s breach prevention efforts fall within a range of industry averages.
Keywords: Data breach prevention, Data breach litigation
JEL Classification: K20, K40, L20
Suggested Citation: Suggested Citation