Data security crisis in universities: identification of key factors affecting data breach incidents

Abstract

The extremely complex and dynamic digital environments of universities make them highly vulnerable to the risk of data breaches. This study empirically investigated the factors influencing data breach risks in the context of higher education, according to crime opportunity theory and routine activity theory. The data consisted of university samples from China and were collected mainly from the Chinese Education Industry Vulnerability Reporting Platform. After applying Poisson regression for the estimation, increased public disclosure of vulnerabilities was found to escalate the frequency of data breaches, whereas cross-border data flow decreased the number of data breaches. Furthermore, the mechanism by which academic strength affects data breaches was examined through the two mediators of cross-border data flow and vulnerability disclosure. In addition, cloud adoption reduced data breaches, and public clouds were determined to be relatively more secure than private clouds. Cloud adoption also acted as a moderator between the negative impact of vulnerabilities and the positive impact of cross-border data flow on data breaches. The estimation and robustness findings revealed the underlying mechanisms that impacted university data security, clarifying the understanding of data breaches and suggesting practical implications for universities and other institutes to improve information security. The findings of this study provide insights and directions for future research.