RESEARCH STATEMENT:
Our aim is to leverage knowledge-mining techniques to understand digitalization practices within government institutions. Specifically, in a data-driven modern society, the protection of citizen data is a growing concern. Policy interventions such as the Federal Data Breach Disclosure Law have emerged as a tool to ensure transparency and better governance of personal data. Inspired by Gay’s (2017) and Sullivan’s (2010) studies, this research study will look at the public sector to ascertain the strength of correlations between select financial metrics derived from the Electronic Municipal Market Access (EMMA) dataset and whether a city government was hacked or not (i.e. a binary dependent variable) which we will pull from various state-wide disclosures. If we find statistically significant relationships via our slated approaches, we may further analyze the effects of cyberattacks on the overall financial performance of the affected entities.
BACKGROUND & IMPACT - WHY IS THIS IMPORTANT?
According to the Privacy Rights Org 2023 report, there have been 20,030 data breaches in the U.S. since 2005 that leak out 1,993,415,481 impacted records. And according to CompariTech, U.S. schools had at least 2,691 data breaches that leaked 32 million records! The main sources of breaches are hacking, ransomware attacks, and third-party breaches such as the Illuminate Breach incident in 2021 to 2022, affecting 605 educational institutions with 2.1 million individual records being compromised. This means an individual’s personally identifiable information (PII), such as name, full social security number, date of birth, address, ID numbers, medical history, banking information, and other undisclosed records, are compromised or stolen. Such events victimize individuals and put them at risk for identification frauds and financial frauds. Billions of compromised individual records, with an average cost of $9.44 million per breach, have posed and continue to pose a great economic burden on both the private and public sectors.
CONTRIBUTION & CURRENT LITERATURE:
Data breach incidents from 2005 to 2010 indicate governments experience the second-highest share of compromised data records. Yet, there are few studies that analyze the characteristics of governments that are targets of cyber-attacks. Current literature on cyber breaches mainly concentrates on the private sector.The only two papers studying the effect of municipal cyber breaches on municipal bonds show conflicting findings on bond yields. Our aim is to better understand the factors that contribute to the likelihood of government entities becoming the target of cyberattacks, of which there can be many, including but not limited to party affiliation, financial structure, and scope of jurisdiction. We hope to take this research further and analyze the effect of cyberattacks on the financial performance of the entity using municipal bond data as a reference.
METHODOLOGY & METHODS:
Financial data will be derived from the Electronic Municipal Market Access (EMMA) dataset, a product of the Municipal Securities Rulemaking Board (MSRB). Breach data will be acquired from various state-wide disclosures. We plan to use unsupervised methods such as K-Means Clustering, Hierarchical Clustering, and Principal Components Analysis (Sohil et al. 2022, ch. 12-13) in order to help tease apart relationships between all our data. We will also use various supervised machine learning methods such as logistic, K-nearest neighbor, decision tree-based, and support vector machines classification methods, along with polynomial and spline regression (Sohil et al. 2022, ch. 4-9) in order to find information concerning any structured relationships between these variables. Specifically using the fact of a local government experiencing a breach or not as our dependent variable. Additionally, we plan on using re-sampling methods such as cross-validation and bootstrapping (Sohil et al. 2022, ch. 5) to test the strength of various approaches. This research will seek to contribute to policy analysis more generally by identifying patterns and correlations that elucidate the evolving role of digitalization in the context of modern governance. Of course, the results of our findings will be limited to the locales we study and not directly generalizable to other cities, states, nations, etc.
DATA COLLECTION & SOURCES
Data Source: o https://debtsearch.brb.texas.gov/ o https://comptroller.texas.gov/transparency/open-data/cpa-databases/ o MSRB | MSRB - Municipal Securities Rulemaking Board::EMMA (msrb.org) o FINRA Data
REFERENCES
Gay, Sebastien. 2017. “Strategic News Bundling and Privacy Breach Disclosures.” Journal of Cybersecurity 3(2): 91–108. doi:10.1093/cybsec/tyx009. Morgan Lewis. “Study Finds Average Cost of Data Breaches Reaches All-Time High in 2022.” https://www.morganlewis.com/blogs/sourcingatmorganlewis/2023/01/study-findsaverage-cost-of-data-breaches-reaches-all-time-high-in-2022 (February 20, 2024). MSRB. “Municipal Securities Rulemaking Board::EMMA.” https://emma.msrb.org/ (February 20, 2024). NCSL. 2022. “Security Breach Notification Laws.” Security Breach Notification Laws. https://www.ncsl.org/technology-and-communication/security-breach-notification-laws# (February 20, 2024). PrivacyRights.org. “United States Data Breach Notification in the United States 2023 Report | Privacy Rights Clearinghouse.” Data Breaches. https://privacyrights.org/resources/united-states-data-breach-notification-united-states2023-report (February 20, 2024). Sohil, Fariha, Muhammad Umair Sohali, and Javid Shabbir. 2022. “An Introduction to Statistical Learning with Applications in R: By Gareth James, Daniela Witten, Trevor Hastie, and Robert Tibshirani, New York, Springer Science and Business Media, 2013, $41.98, eISBN: 978-1-4614-7137-7.” Statistical Theory and Related Fields 6(1): 87–87. doi:10.1080/24754269.2021.1980261. Sullivan, Richard J. 2010. “The Changing Nature of U.S. Card Payment Fraud: Industry and Public Policy Options.”