Title: Impediments to High-Accuracy Breach Severity Reporting

Issue Number: Vol. 11, No. 1
Year of Publication: 2022
Page Numbers: 1-10
Authors: John W. Coffey, Caroline S. John, Ezhil Kalaimannan
Journal Name: International Journal of Cyber-Security and Digital Forensics (IJCSDF)
- Hong Kong

Abstract:


Accurate assessment and reporting of data breach impacts on individuals whose data is breached is highly desirable. The goal of this article is to address the point of whether or not, in the general case, fine-grained assessment of data breach severity and ultimate impacts on those whose data is breached is feasible. Uncertainty abounds around data breaches. In addition to difficulties inherent in the forensics process, firms have significant disincentives to disclose more than necessary, and (in the United States) usually only do so in order to meet highly varying reporting requirements. This article addresses various approaches to the quantification of the severity of data breaches and various forensic strategies to characterize them. This article also contains consideration of the role of anti-forensic measures in obscuring the reach and impact of data breaches. The paper concludes with a recounting of ways to improve data breach reporting.