Investigating perceptions about risk of data breaches in financial institutions: A routine activity-approach

Abstract

Data breaches in financial institutions could produce extensive damage to an organization's operations. Therefore, it is critical for organizations to identify and assess threats in their operational environment to be able to implement prevention and mitigation strategies. Applying Routine Activity Theory (RAT), this paper develops a risk assessment model using employees’ perceptions of risks relative to potential breaches of sensitive data in their organizations. This paper empirically examines the roles of motivated offenders, suitable targets, and the influences of capable guardianship within the organization. Analyses of surveyed employees show that perceptions of value (using a multi-dimensional perspective), inertia, and accessibility of targeted sensitive data along with presence of guardians have an impact on assessment of risk about data breaches in financial institutions. The paper also extends RAT to account for the amount of information (both online and offline) available regarding the data influence the relationship between value of the sensitive data and suitability for data breach. Theoretical and practical implications are discussed.