{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,24]],"date-time":"2026-03-24T15:39:20Z","timestamp":1774366760171,"version":"3.50.1"},"reference-count":93,"publisher":"MDPI AG","issue":"6","license":[{"start":{"date-parts":[[2024,6,5]],"date-time":"2024-06-05T00:00:00Z","timestamp":1717545600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"<jats:p>A data breach is the unauthorized disclosure of sensitive personal data, and it impacts millions of individuals annually in the United States, as reported by Privacy Rights Clearinghouse. These breaches jeopardize the physical safety of the individuals whose data are exposed and result in substantial economic losses for the affected companies. To diminish the frequency and severity of data breaches in the future, it is imperative to research their causes and explore preventive measures. In pursuit of this goal, this study considers a dataset of data breach incidents affecting companies listed on the New York Stock Exchange and NASDAQ. This dataset has been augmented with additional information regarding the targeted company. This paper employs statistical visualizations of the data to clarify these incidents and assess their consequences on the affected companies and individuals whose data were compromised. We then propose mitigation controls based on established frameworks such as the NIST Cybersecurity Framework. Additionally, this paper reviews the compliance scenario by examining the relevant laws and regulations applicable to each case, including SOX, HIPAA, GLBA, and PCI-DSS, and evaluates the impacts of data breaches on stock market prices. We also review guidelines for appropriately responding to data leaks in the U.S., for compliance achievement and cost reduction. By conducting this analysis, this work aims to contribute to a comprehensive understanding of data breaches and empower organizations to safeguard against them proactively, improving the technical quality of their basic services. To our knowledge, this is the first paper to address compliance with data protection regulations, security controls as countermeasures, financial impacts on stock prices, and incident response strategies. Although the discussion is focused on publicly traded companies in the United States, it may also apply to public and private companies worldwide.<\/jats:p>","DOI":"10.3390\/fi16060201","type":"journal-article","created":{"date-parts":[[2024,6,5]],"date-time":"2024-06-05T10:05:50Z","timestamp":1717581950000},"page":"201","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":18,"title":["Impact, Compliance, and Countermeasures in Relation to Data Breaches in Publicly Traded U.S. Companies"],"prefix":"10.3390","volume":"16","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-4502-2153","authenticated-orcid":false,"given":"Gabriel Arquelau Pimenta","family":"Rodrigues","sequence":"first","affiliation":[{"name":"Professional Post-Graduate Program in Electrical Engineering (PPEE), Department of Electrical Engineering (ENE), University of Bras\u00edlia (UnB), Bras\u00edlia 70910-900, Brazil"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5182-0496","authenticated-orcid":false,"given":"Andr\u00e9 Luiz Marques","family":"Serrano","sequence":"additional","affiliation":[{"name":"Professional Post-Graduate Program in Electrical Engineering (PPEE), Department of Electrical Engineering (ENE), University of Bras\u00edlia (UnB), Bras\u00edlia 70910-900, Brazil"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4551-2240","authenticated-orcid":false,"given":"Guilherme Fay","family":"Vergara","sequence":"additional","affiliation":[{"name":"Professional Post-Graduate Program in Electrical Engineering (PPEE), Department of Electrical Engineering (ENE), University of Bras\u00edlia (UnB), Bras\u00edlia 70910-900, Brazil"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6717-3374","authenticated-orcid":false,"given":"Robson de Oliveira","family":"Albuquerque","sequence":"additional","affiliation":[{"name":"Professional Post-Graduate Program in Electrical Engineering (PPEE), Department of Electrical Engineering (ENE), University of Bras\u00edlia (UnB), Bras\u00edlia 70910-900, Brazil"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5271-5540","authenticated-orcid":false,"given":"Georges Daniel Amvame","family":"Nze","sequence":"additional","affiliation":[{"name":"Professional Post-Graduate Program in Electrical Engineering (PPEE), Department of Electrical Engineering (ENE), University of Bras\u00edlia (UnB), Bras\u00edlia 70910-900, Brazil"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2024,6,5]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"381","DOI":"10.1080\/10919392.2020.1818521","article-title":"Financial loss due to a data privacy breach: An empirical analysis","volume":"30","author":"Tripathi","year":"2020","journal-title":"J. Organ. Comput. Electron. Commer."},{"key":"ref_2","unstructured":"Petkauskas, V. (2024, May 07). Mother of All Breaches Reveals 26 Billion Records. Available online: http:\/\/cybernews.com\/security\/billions-passwords-credentials-leaked-mother-of-all-breaches."},{"key":"ref_3","first-page":"162","article-title":"Economic costs and impacts of business data breaches","volume":"20","author":"Wang","year":"2019","journal-title":"Issues Inf. Syst."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1186\/s13174-016-0046-8","article-title":"A survey of compliance issues in cloud computing","volume":"7","author":"Yimam","year":"2016","journal-title":"J. Internet Serv. Appl."},{"key":"ref_5","unstructured":"Khan, F.S., Kim, J.H., Moore, R.L., and Mathiassen, L. (2019, January 15\u201317). Data breach risks and resolutions: A literature synthesis. Proceedings of the 25th Americas Conference on Information Systems, Canc\u00fan, Mexico."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"106924","DOI":"10.1016\/j.dib.2021.106924","article-title":"A dataset for accounting, finance and economics research on US data breaches","volume":"35","author":"Rosati","year":"2021","journal-title":"Data Brief"},{"key":"ref_7","first-page":"321","article-title":"A methodology for estimating the tangible cost of data breaches","volume":"19","author":"Layton","year":"2014","journal-title":"J. Inf. Secur. Appl."},{"key":"ref_8","unstructured":"Sood, G., and Cor, K. (July, January 30). Pwned: The risk of exposure from data breaches. Proceedings of the 10th ACM Conference on Web Science, Boston, MA, USA."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"1004","DOI":"10.1016\/j.procs.2019.04.141","article-title":"Digging deeper into data breaches: An exploratory data analysis of hacking breaches over time","volume":"151","author":"Hammouchi","year":"2019","journal-title":"Procedia Comput. Sci."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"175","DOI":"10.3390\/appliedmath3010011","article-title":"Analyzing Health Data Breaches: A Visual Analytics Approach","volume":"3","author":"Raghupathi","year":"2023","journal-title":"AppliedMath"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Lee, I. (2022). Analysis of insider threats in the healthcare industry: A text mining approach. Information, 13.","DOI":"10.3390\/info13090404"},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Churi, P., Pawar, A., and Moreno-Guerrero, A.J. (2021). A comprehensive survey on data utility and privacy: Taking Indian healthcare system as a potential case study. Inventions, 6.","DOI":"10.3390\/inventions6030045"},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"e13046","DOI":"10.2196\/13046","article-title":"Evaluation of privacy risks of Patients\u2019 data in China: Case study","volume":"8","author":"Gong","year":"2020","journal-title":"JMIR Med. Inform."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1186\/s40537-017-0110-7","article-title":"Big healthcare data: Preserving security and privacy","volume":"5","author":"Abouelmehdi","year":"2018","journal-title":"J. Big Data"},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"85315","DOI":"10.1109\/ACCESS.2023.3303205","article-title":"A Comparative Analysis of Industrial Cybersecurity Standards","volume":"11","author":"Djebbar","year":"2023","journal-title":"IEEE Access"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Algarni, A.M., Thayananthan, V., and Malaiya, Y.K. (2021). Quantitative assessment of cybersecurity risks for mitigating data breaches in business systems. Appl. Sci., 11.","DOI":"10.3390\/app11083678"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Sun, M., and Lu, Y. (2022). A Generalized Linear Mixed Model for Data Breaches and Its Application in Cyber Insurance. Risks, 10.","DOI":"10.2139\/ssrn.4077521"},{"key":"ref_18","first-page":"100128","article-title":"Predicting the occurrence of a data breach","volume":"2","author":"Barati","year":"2022","journal-title":"Int. J. Inf. Manag. Data Insights"},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"102502","DOI":"10.1016\/j.cose.2021.102502","article-title":"Apologize or justify? Examining the impact of data breach response actions on stock value of affected companies?","volume":"112","author":"Masuch","year":"2022","journal-title":"Comput. Secur."},{"key":"ref_20","first-page":"355","article-title":"Reaction of stock volatility to data breach: An event study","volume":"9","author":"Atsu","year":"2020","journal-title":"J. Cyber Secur. Mobil."},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"100774","DOI":"10.1016\/j.gfj.2022.100774","article-title":"Informed trading in the options market surrounding data breaches","volume":"56","author":"Piccotti","year":"2023","journal-title":"Glob. Financ. J."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"199","DOI":"10.1007\/s10551-022-05107-z","article-title":"Is cybersecurity risk factor disclosure informative? Evidence from disclosures following a data breach","volume":"187","author":"Chen","year":"2023","journal-title":"J. Bus. Ethics"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Lulandala, E.E. (2020). Facebook data breach: A systematic review of its consequences on consumers\u2019 behaviour towards advertising. Strategic System Assurance and Business Analytics, Springer.","DOI":"10.1007\/978-981-15-3647-2_5"},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Molitor, D., Raghupathi, W., Saharia, A., and Raghupathi, V. (2023). Exploring Key Issues in Cybersecurity Data Breaches: Analyzing Data Breach Litigation with ML-Based Text Analytics. Information, 14.","DOI":"10.3390\/info14110600"},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"103638","DOI":"10.1016\/j.im.2022.103638","article-title":"Antecedents and consequences of data breaches: A systematic review","volume":"59","author":"Schlackl","year":"2022","journal-title":"Inf. Manag."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"103309","DOI":"10.1016\/j.cose.2023.103309","article-title":"Learning from cyber security incidents: A systematic review and future research agenda","volume":"132","author":"Patterson","year":"2023","journal-title":"Comput. Secur."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"103392","DOI":"10.1016\/j.im.2020.103392","article-title":"Data breach management: An integrated risk model","volume":"58","author":"Khan","year":"2021","journal-title":"Inf. Manag."},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"18","DOI":"10.1016\/j.jnca.2017.10.016","article-title":"Data exfiltration: A review of external attack vectors and countermeasures","volume":"101","author":"Ullah","year":"2018","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Aslam, M., Khan Abbasi, M.A., Khalid, T., Shan, R.U., Ullah, S., Ahmad, T., Saeed, S., Alabbad, D.A., and Ahmad, R. (2022). Getting Smarter about Smart Cities: Improving Data Security and Privacy through Compliance. Sensors, 22.","DOI":"10.3390\/s22239338"},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3439873","article-title":"Developing a global data breach database and the challenges encountered","volume":"13","author":"Neto","year":"2021","journal-title":"J. Data Inf. Qual."},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"15","DOI":"10.1093\/jamiaopen\/ooy019","article-title":"Health IT, hacking, and cybersecurity: National trends in data breaches of protected health information","volume":"1","author":"Ronquillo","year":"2018","journal-title":"JAMIA Open"},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"132","DOI":"10.1016\/j.irle.2019.03.007","article-title":"Why information security law has been ineffective in addressing security vulnerabilities: Evidence from California data breach notifications and relevant court and government records","volume":"58","author":"Park","year":"2019","journal-title":"Int. Rev. Law Econ."},{"key":"ref_33","unstructured":"Tsen, E., Ko, R., and Slapnicar, S. (2020). Dataset of Data Breaches and Ransomware Attacks over 15 Years from 2004, The University of Queensland."},{"key":"ref_34","unstructured":"Biddle, N., Edwards, B., Gray, M., and McEachern, S. (2020). ANU Poll 2018: Data Governance. ADA Dataverse."},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Ikegami, K., and Kikuchi, H. (2021). Modeling the risk of data breach incidents at the firm level. Innovative Mobile and Internet Services in Ubiquitous Computing: Proceedings of the 14th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS-2020), Springer.","DOI":"10.1007\/978-3-030-50399-4_14"},{"key":"ref_36","unstructured":"Malliouris, D.D. (2021). Finance & Cyber Security: Uncovering Underlying and Consequential Costs of Security Breaches and Investments. [Ph.D Thesis, University of Oxford]."},{"key":"ref_37","unstructured":"Cornejo, G.A. (2021). Human Errors in Data Breaches: An Exploratory Configurational Analysis. [Ph.D Thesis, Nova Southeastern University]."},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Obaydin, I., Xu, L., and Zurbruegg, R. (2024, April 04). The Unintended Cost of Data Breach Notification Laws: Evidence from Managerial Bad News Hoarding. SSRN 3926962. Available online: https:\/\/www.researchgate.net\/publication\/354769133_The_Unintended_Cost_of_Data_Breach_Notification_Laws_Evidence_from_Managerial_Bad_News_Hoarding.","DOI":"10.1111\/jbfa.12794"},{"key":"ref_39","unstructured":"Huh, J.Y. (2022). We Care About Your Privacy (When It Matters): How Firms Strategically Respond to Data Breach Incidents. [Ph.D Thesis, Duke University]."},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Carfora, M.F., and Orlando, A. (2022). Some Remarks on Malicious and Negligent Data Breach Distribution Estimates. Computation, 10.","DOI":"10.3390\/computation10120208"},{"key":"ref_41","doi-asserted-by":"crossref","unstructured":"Benzell, S., Hersh, J.S., Van Alstyne, M.W., and Lagarda, G. (2024, April 04). How APIs Create Growth by Inverting the Firm. SSRN 3432591. Available online: https:\/\/papers.ssrn.com\/sol3\/papers.cfm?abstract_id=3432591.","DOI":"10.1287\/mnsc.2023.4968"},{"key":"ref_42","doi-asserted-by":"crossref","first-page":"100328","DOI":"10.1016\/j.dajour.2023.100328","article-title":"A cybersecurity risk quantification and classification framework for informed risk mitigation decisions","volume":"9","author":"Zadeh","year":"2023","journal-title":"Decis. Anal. J."},{"key":"ref_43","unstructured":"Niyonzigira, F. (2023). Exploring Nonprofit Organizations\u2019 Successful Compliance Strategies Against Cyber Threats: A Qualitative Study Inquiry. [Ph.D Thesis, Capella University]."},{"key":"ref_44","unstructured":"Mulla, S.M., and Ghorpade, V.R. (2023, January 15\u201317). Evolution of Predictive Methodologies to Obstruct Ever-Growing Data Breaches. Proceedings of the 10th International Conference on \u201cComputing for Sustainable Global Development\u201d, New Delhi, India."},{"key":"ref_45","doi-asserted-by":"crossref","first-page":"101893","DOI":"10.1016\/j.rineng.2024.101893","article-title":"Mapping of data breaches in companies listed on the NYSE and NASDAQ: Insights and Implications","volume":"21","author":"Rodrigues","year":"2024","journal-title":"Results Eng."},{"key":"ref_46","doi-asserted-by":"crossref","first-page":"1203","DOI":"10.1007\/s12145-024-01236-3","article-title":"K-Means Featurizer: A booster for intricate datasets","volume":"17","author":"Kouadio","year":"2024","journal-title":"Earth Sci. Inform."},{"key":"ref_47","doi-asserted-by":"crossref","unstructured":"Hamza, F. (2024). Not Just for Investment and Job Search: The Role of Earnings Announcement as a Driver of Cyber Risks. Information and Communication Technology in Technical and Vocational Education and Training for Sustainable and Equal Opportunity: Education, Sustainability and Women Empowerment, Springer.","DOI":"10.1007\/978-981-99-6909-8_13"},{"key":"ref_48","unstructured":"Stevens, G.M. (2024, April 04). Data Security Breach Notification Laws. Available online: https:\/\/journalistsresource.org\/wp-content\/uploads\/2012\/04\/R42475.pdf."},{"key":"ref_49","doi-asserted-by":"crossref","first-page":"93","DOI":"10.2308\/ISSUES-18-010","article-title":"Heartland payment systems: Cybersecurity impact on audits and financial statement contingencies","volume":"36","author":"Reidenbach","year":"2021","journal-title":"Issues Account. Educ."},{"key":"ref_50","doi-asserted-by":"crossref","first-page":"255","DOI":"10.1080\/17521440.2020.1833432","article-title":"The impact of data breaches on corporations and the status of potential regulation and litigation","volume":"14","author":"Klaus","year":"2020","journal-title":"Law Financ. Mark. Rev."},{"key":"ref_51","unstructured":"Cohen, D.T., Hatchard, G.W., and Wilson, S.G. (2015). Population Trends in Incorporated Places: 2000 to 2013, US Department of Commerce, Economics and Statistics Administration, US Census Bureau."},{"key":"ref_52","doi-asserted-by":"crossref","unstructured":"Poornachandran, P., Nithun, M., Pal, S., Ashok, A., and Ajayan, A. (2016). Password reuse behavior: How massive online data breaches impacts personal data in web. Innovations in Computer Science and Engineering: Proceedings of the Third ICICSE, 2015, Springer.","DOI":"10.1007\/978-981-10-0419-3_24"},{"key":"ref_53","doi-asserted-by":"crossref","first-page":"8","DOI":"10.1016\/S1353-4858(18)30111-9","article-title":"Learning lessons from data breaches","volume":"2018","author":"Roberts","year":"2018","journal-title":"Netw. Secur."},{"key":"ref_54","unstructured":"Minkus, T., and Ross, K.W. (2014, January 16\u201318). I know what you\u2019re buying: Privacy breaches on ebay. Proceedings of the Privacy Enhancing Technologies: 14th International Symposium, PETS 2014, Amsterdam, The Netherlands. Proceedings 14."},{"key":"ref_55","doi-asserted-by":"crossref","unstructured":"Pimenta Rodrigues, G.A., Marques Serrano, A.L., Lopes Espi\u00f1eira Lemos, A.N., Canedo, E.D., Mendon\u00e7a, F.L.L.d., de Oliveira Albuquerque, R., Sandoval Orozco, A.L., and Garc\u00eda Villalba, L.J. (2024). Understanding Data Breach from a Global Perspective: Incident Visualization and Data Protection Law Review. Data, 9.","DOI":"10.3390\/data9020027"},{"key":"ref_56","unstructured":"Potter, A., Campbell, K., Baldin, A., Chambers, H., Toto, B., Saturnino, F., and Prescott, V. (2023). Comparing Comprehensive Us Privacy Laws: A Guide to Compliance, OneTrust DataGuidance. Technical Report."},{"key":"ref_57","unstructured":"Coie, P. (2024, April 04). Security Breach Notification Chart. Available online: https:\/\/www.perkinscoie.com\/en\/news-insights\/security-breach-notification-chart.html."},{"key":"ref_58","unstructured":"IBM (2023). Cost of a Data Breach Report, IBM Security. Technical Report."},{"key":"ref_59","unstructured":"(2023). Security for Industrial Automation and Control Systems (Standard No. ISA 62443-3-3:2013)."},{"key":"ref_60","unstructured":"(2013). Information Security, Cybersecurity and Privacy Protection (Standard No. ISO\/IEC 27001:2013)."},{"key":"ref_61","unstructured":"(2023). Security and Privacy Controls for Information Systems and Organizations (Standard No. NIST SP 800-53)."},{"key":"ref_62","first-page":"11","article-title":"Security breach at target","volume":"29","author":"Plachkinova","year":"2018","journal-title":"J. Inf. Syst. Educ."},{"key":"ref_63","unstructured":"Shu, X., Tian, K., Ciambrone, A., and Yao, D. (2017). Breaking the target: An analysis of target data breach and lessons learned. arXiv."},{"key":"ref_64","unstructured":"Rosenblum, P. (2023, October 22). Lessons from Home Depot: Expect Hackers to Crack More Retailers This Holiday Season. Available online: https:\/\/www.forbes.com\/sites\/paularosenblum\/2014\/11\/06\/lessons-from-home-depot-expect-hackers-to-crack-more-retailers-this-holiday-season\/?sh=1f6436ea68bc."},{"key":"ref_65","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1016\/S1361-3723(16)30015-X","article-title":"The global implications of US EMV adoption","volume":"2016","author":"Froud","year":"2016","journal-title":"Comput. Fraud Secur."},{"key":"ref_66","doi-asserted-by":"crossref","first-page":"693","DOI":"10.1057\/s41284-022-00359-w","article-title":"Card-not-present fraud: Using crime scripts to inform crime prevention initiatives","volume":"36","author":"Bodker","year":"2022","journal-title":"Secur. J."},{"key":"ref_67","doi-asserted-by":"crossref","first-page":"103387","DOI":"10.1016\/j.cose.2023.103387","article-title":"Mitigation strategies against the phishing attacks: A systematic literature review","volume":"132","author":"Naqvi","year":"2023","journal-title":"Comput. Secur."},{"key":"ref_68","doi-asserted-by":"crossref","first-page":"756","DOI":"10.1016\/j.cose.2017.09.013","article-title":"A survey of similarities in banking malware behaviours","volume":"77","author":"Black","year":"2018","journal-title":"Comput. Secur."},{"key":"ref_69","doi-asserted-by":"crossref","unstructured":"Bhardwaj, A., Kaushik, K., Maashi, M.S., Aljebreen, M., and Bharany, S. (2022). Alternate Data Stream Attack Framework to Perform Stealth Attacks on Active Directory Hosts. Sustainability, 14.","DOI":"10.3390\/su141912288"},{"key":"ref_70","doi-asserted-by":"crossref","first-page":"1267","DOI":"10.1017\/S1816383122000194","article-title":"The SolarWinds hack: Lessons for international humanitarian organizations","volume":"104","author":"Marelli","year":"2022","journal-title":"Int. Rev. Red Cross"},{"key":"ref_71","first-page":"537","article-title":"Software supply chain attacks, a threat to global cybersecurity: SolarWinds\u2019 case study","volume":"11","year":"2021","journal-title":"Int. J. Saf. Secur. Eng."},{"key":"ref_72","doi-asserted-by":"crossref","unstructured":"Dwork, C. (2006, January 10\u201314). Differential privacy. Proceedings of the International Colloquium on Automata, Languages and Programming, Venice, Italy.","DOI":"10.1007\/11787006_1"},{"key":"ref_73","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3626494","article-title":"Between privacy and utility: On differential privacy in theory and practice","volume":"1","author":"Seeman","year":"2024","journal-title":"ACM J. Responsible Comput."},{"key":"ref_74","doi-asserted-by":"crossref","first-page":"15990","DOI":"10.1109\/JIOT.2023.3267082","article-title":"Automatic Tuning of Privacy Budgets in Input-Discriminative Local Differential Privacy","volume":"10","author":"Murakami","year":"2023","journal-title":"IEEE Internet Things J."},{"key":"ref_75","unstructured":"Ponemon Institute (2024, April 04). Cost of Insider Threats Global Report. Available online: https:\/\/www.exclusive-networks.com\/ie\/wp-content\/uploads\/sites\/19\/2020\/12\/UK-VR-Proofpoint-Report-2020-Cost-of-Insider-Threats.pdf."},{"key":"ref_76","unstructured":"ENISA (2024, April 04). Threat Landscape Report 2016. Available online: https:\/\/www.enisa.europa.eu\/publications\/enisa-threat-landscape-report-2016."},{"key":"ref_77","doi-asserted-by":"crossref","first-page":"e18175","DOI":"10.2196\/18175","article-title":"Hospital bring-your-own-device security challenges and solutions: Systematic review of gray literature","volume":"8","author":"Wani","year":"2020","journal-title":"JMIR MHealth UHealth"},{"key":"ref_78","unstructured":"Uz, A. (2014). The effectiveness of remote wipe as a valid defense for enterprises implementing a BYOD policy. [Ph.D. Thesis, Universit\u00e9 d\u2019Ottawa\/University of Ottawa]."},{"key":"ref_79","first-page":"301113","article-title":"One key to rule them all: Recovering the master key from RAM to break Android\u2019s file-based encryption","volume":"36","author":"Busch","year":"2021","journal-title":"Forensic Sci. Int. Digit. Investig."},{"key":"ref_80","first-page":"993","article-title":"California v. Greenwood: The trashing of privacy","volume":"38","author":"Herdrich","year":"1988","journal-title":"Am. UL Rev."},{"key":"ref_81","unstructured":"(2014). Data Destruction (Standard No. NIST SP 800-88)."},{"key":"ref_82","unstructured":"(2012). Office Machines\u2014Destruction of Data Carriers, Deutsches Institut f\u00fcr Normung e.V (Standard No. DIN 66399)."},{"key":"ref_83","doi-asserted-by":"crossref","first-page":"8","DOI":"10.54692\/ijeci.2022.0602101","article-title":"The Data Carving-The Art of Retrieving Deleted Data as Evidence","volume":"6","author":"Azeem","year":"2022","journal-title":"Int. J. Electron. Crime Investig."},{"key":"ref_84","first-page":"68","article-title":"Systematic Literature Review Crime Prevention through Environmental Design (CPTED) in Physical Security for IT Organization","volume":"10","author":"Tan","year":"2022","journal-title":"Open Int. J. Inform."},{"key":"ref_85","doi-asserted-by":"crossref","unstructured":"Fennelly, L.J., and Perry, M.A. (2020). Encompassing effective CPTED solutions in 2020 and beyond: Concepts and strategies. Handbook of Loss Prevention and Crime Prevention, Elsevier.","DOI":"10.1016\/B978-0-12-817273-5.00007-7"},{"key":"ref_86","unstructured":"(2023). Guidelines for Managing the Security of 34 Mobile Devices in the Enterprise (Standard No. NIST SP 800-12)."},{"key":"ref_87","first-page":"752","article-title":"Security education, training, and awareness programs: Literature review","volume":"62","author":"Hu","year":"2022","journal-title":"J. Comput. Inf. Syst."},{"key":"ref_88","doi-asserted-by":"crossref","first-page":"53","DOI":"10.1108\/ICS-08-2022-0133","article-title":"Critical success factors for Security Education, Training and Awareness (SETA) programme effectiveness: An empirical comparison of practitioner perspectives","volume":"32","author":"Alyami","year":"2023","journal-title":"Inf. Comput. Secur."},{"key":"ref_89","unstructured":"(2012). Making Government Services Easier to Find (Standard No. NIST SP 800-61)."},{"key":"ref_90","unstructured":"(2006). Guide to Integrating Forensic Techniques into Incident Response (Standard No. NIST SP 800-86)."},{"key":"ref_91","unstructured":"Rabello, A., Goulart, J., Karam, M., Pitanga, M., Baldoino Filho, R.G., and Ricioni, R. (2021). Proposed Incident Response Methodology for Data Leakage. ICSEA 2021, 60."},{"key":"ref_92","unstructured":"(2023). Information Security Incident Management\u2014Training Courses (Standard No. ISO 27035)."},{"key":"ref_93","unstructured":"Hillmann, F., Klauenberg, T., Schroeder, L., and Diesterh\u00f6ft, T.O. (2023). A User-centric View on Data Breach Response Expectations. CIISR, 19."}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/16\/6\/201\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T14:54:08Z","timestamp":1760108048000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/16\/6\/201"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,6,5]]},"references-count":93,"journal-issue":{"issue":"6","published-online":{"date-parts":[[2024,6]]}},"alternative-id":["fi16060201"],"URL":"https:\/\/doi.org\/10.3390\/fi16060201","relation":{},"ISSN":["1999-5903"],"issn-type":[{"value":"1999-5903","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,6,5]]}}}