Abstract
As data breaches have surged worldwide, research rarely links their characteristics to the response strategy of an organization. This thesis asks: “In what form do data breach characteristics influence the response strategiesorganizations use following a breach?”. Using generative AI, over 10,000 Breach Notification Letters have been studied, scoring the response for elements as timing, level of detail, corrective action, and compensation.
Specific characteristics such as breach type, data confidentiality, and data lifespan were all found to have a significant effect on responses. Intentional & External breaches were found to trigger the most assertive response, resulting in higher compensation and more corrective actions. Insider attacks do not affect
compensation offered but increase the time until notification significantly. Finally, despite well documented risks associated with them, more obscure data types, such as NPII and Non-Persistent data, trigger a weaker response, indicating a lesser perceived threat. The results highlight the need for a context dependent approach and expose a blind spot in current legislation. Future research should focus on underlying driving factors of the
found effects and help improve the response strategies effectiveness, reducing costs for organizations and consumers alike.
| Date of Award | 6 May 2025 |
|---|---|
| Original language | Dutch |
| Supervisor | Laury Bollen (Examiner) & Venkata Marella (Co-assessor) |
Keywords
- Data Breach
- Response Strategy
- Breach Type
- Data Confidentiality
- Data Lifespan
- Generative AI Analytics
Master's Degree
- Master Business Process management & IT (BPMIT)