Research Proposal
DATA BREACHES
Research Proposal
Indang, Cavite
In partial fulfillment
BS Accountancy 3-4
December 2022
Republic of the Philippines
CAVITE STATE UNIVERSITY
DON SEVERINO DE LAS ALAS CAMPUS
Indang, Cavite
www.cvsu.edu.ph
Department of Accountancy
DATA BREACHES
APPROVED:
APPROVAL SHEET
INTRODUCTION
METHODOLOGY
Hypotheses
REFERENCES
IMPLICATIONS ON MANAGING CYBER SECURITY RISKS FACED BY
BUSINESS ENTERPRISES IN AVOIDING FINANCIAL
DATA BREACHES
INTRODUCTION
information within and outside the company, cybersecurity threats and attacks arise.
from some sort of failure of its information technology systems (cited in IRM Cyber
Risk: Executive Summary, 2014). There are several factors in how cyber threats
happen. In the study by Dr. Veena. S et al. (2018), cyber risks may occur due to natural
permissions, and overloading of the network. Threats to the company's safety might
amateur hackers, can be the reason behind these actions (Invest Northern Ireland).
increase every year. According to the J.D. Power 2016 Cyber Insurance Pulse Study,
companies lose about $188,400 from cyber-related attacks annually. These attacks
are most likely to increase over the next two years, as ThoughtLab executives envision
that these risks are primarily rooted in software misconfigurations (49%), human error
(40%), poor maintenance (40%), and unknown assets (30%). It has been a growing
concern for many experts since many studies revealed that a high percentage of
for a Riskier World, by B. A. Hamilton et al. (2022), about 29% of CEOs and CISOs
and 40% of chief security officers disclosed their organizations' unpreparedness for a
rapidly changing threat landscape. "The reasons cited include the complexity of supply
chains (44%), the fast pace of digital innovation (41%), inadequate cybersecurity
budgets and lack of executive support (both 28%), a convergence of digital and
physical assets (25%), and shortage of talent (24%)," (cited in ThoughtLab, 2022).
While these lists have brought damages, what mainly concerns the
organizations in the Philippines is data loss (70%) among other participants (Kroll,
October 2022). Recently, in the Philippines, the Bank of the Philippine Islands (BPI)
experienced a system glitch that caused them to receive complaints from its account
Cua and E. Gomez, 2023). Since these incidents happen daily, the Bangko Sentral ng
Pilipinas (BSP) requires reporting within two hours of first detecting the crime to
Chipongian, 2023). The BSP said this is necessary due to the “speed of exploitation,
a proliferation of attack tools and actors, and potentially massive extent of the damage”
need to work together to detect and respond to threats" (M. Williams, 2018). It also
stated that security-related risks are reduced by 70% when businesses invest in
strategy for identifying areas of vulnerability in minimizing the risks and preventing
revenue loss from compromised data and resources (M. Adams, 2022). This study will
overcome.
a. the estimated cost of the company's intended cybersecurity tools and their
b. the average lost revenue the company incurs from security breaches and
Hence, it is only vital for companies to embrace new ideas and strategies in dealing
with these risks and keep up with changes. This research will bring the utmost
advantage to the researcher, while it is also beneficial to whoever seeks it, particularly
faced by business enterprises. It will help to enhance the implemented rules and keep
managing cybersecurity risks. It will provide them with information on ensuring safety
IT security managers. At the end of this research, these experts will also be
beneficiaries; through seeing the perspective of other companies on how they cope
with cybersecurity risks. It will help them gain new knowledge from others' experiences
control. By seeing possibilities and implications, management can have much more
knowledge to those who wish to conduct a study related to cybersecurity. It will enable
the researcher to be resourceful and bring significance to this field; to further expand
by business enterprises. It aims to look at the tools, solutions, and types of risks faced
existing cybersecurity, with the intent of avoiding financial data breaches. The study
will also aim to correlate the relationship between the estimated cost of the company's
Furthermore, the research will assess if there is any significant connection between
the average lost revenue the company incurs from security breaches and the elapsed
training and monitoring concerning cybersecurity and how frequently insider threats
This study will not discuss the questions excluded and overlooked in this
research. It will be limited to fifteen (15) locally available business enterprises with prior
Definition of Terms
the attackers lay out ‘bait’ which enables them to access the target system.
accidents by employees.
Network security monitoring tools. These tools are used to analyze network
data and detect network-based threats. Examples of tools include Argus, Nagios, P0f,
injection, and path traversal. Examples include: Burp Suite, Nikto, Paros Proxy, and
SQLMap.
evaluate the security of that system. Examples are: Metasploit, Kali Linux, Netsparker,
and Wireshark.
including ransomware, worms, spyware, adware, and Trojans. Examples are: Norton
360, Bitdefender Antivirus, Norton AntiVirus, Kaspersky Anti-Virus, and McAfee Total
Protection.
Network intrusion detection. Monitors network and system traffic for unusual
Packet sniffers. Used to intercept, log, and analyze network traffic and data.
Firewall tools. A network security device that keeps track of and filters
incoming and outgoing network traffic in accordance with the security guidelines
eliminate cyber threats. Alerts are investigated to determine if any action is required.
devices, capable of communicating with other points and devices across the network.
Such devices come in many forms, from PCs, tablets, and mobile phones to smart
Security Information and Event Monitoring (SIEM). Gathers log and event
network and endpoint security tools, cloud monitoring tools, identity providers, etc.).
After that, this data is examined using established threat detection algorithms and
important evolution in computer science and data processing. The goal is to simulate
Virtual Private Network (VPN). VPNs encrypt your internet traffic and disguise
your online identity. This makes it more difficult for third parties to track your activities
detecting cyber-attacks before they reach a critical stage. MDR relies on cloud
computing, which provides important information about a threat and how it was
detected. MDR takes this information and creates defensive measures to combat the
attack.
Theoretical Framework
that seeks to precisely assess the state of cybersecurity progress in each nation state.
around the world and its incorporation into the foundation of information and
business ABI Research are the organizations that have started the initiative.
Political, criminal, terrorist, and hacktivist groups are only a few of the many,
expertise, the instruments at their disposal get more complex and advanced, and the
The GCI's long-term goal is to promote additional initiatives for the adoption
plans will show which states excel in particular areas, exposing less well-known but
effective cybersecurity strategies. This may lead to more information being shared
about implementing cybersecurity for those states with varying levels of development.
The index will enable states to evaluate where they are on a scale of development,
where they need to make additional improvements, and how far they are from adopting
Union, 2018)
This project bases its logical theory on the future of cybersecurity risks. Their
this study. Managing cybersecurity risks around the world needs global participation.
Conceptual Framework
shows the considerable correlation between the expected cost of the company's
graph demonstrates the relationship between the amount of time it takes to recover
from cybersecurity attacks and the average lost revenue that a company incurs as a
and the frequency of insider threats. Finally, the illustration represents the connection
sources, the researcher summarizes the relevant literature and studies in this chapter.
For instance, there should be professionals who are aware of how to prevent viruses
time-sensitive business hours because a hack could stop the production. It would also
waste the time and effort of the workers, which would ultimately result in inefficiency.
they have a big impact on how customers perceive the business. Customers who have
supported a brand or company for decades will gradually start doing business with
rivals. Its significance is due to the fact that data security and privacy are crucial in
today's society. Customers will stop trusting a corporation if it doesn't protect their data
(Din, 2022).
Data breaches can happen at any time, even to the most technologically advanced
organizations; therefore, businesses should never feel too confident in the security of
their corporate data given the rising number of cyber threats (Linao, 2022).
In the short term, a data breach could result in urgent repair as well as any fines
related to the information that cybercriminals may have obtained. In the short term, a
cyber insurance provider can assist organizations with root cause analysis, pay for the
costs of reporting a breach, and in some situations, cover the reputational harm caused
by the breach. The effects of a data breach, however, are always there in the long run
(Johnson, 2022).
A data leak might be the end of a company. Since 60% of SMBs will close their
doors within six months of the attack, this is very alarming for SMBs. Even though
larger businesses and agencies probably won't have to close their doors, they
Every organization, meanwhile, takes a moment to sit down and create its budget at
executives must make difficult decisions as the cost of data breaches keeps rising.
Prices for goods and services will rise if the cost of doing business increases as a
Some people believe that the accounting life cycle and data security are
unrelated. That is factually incorrect. For instance, in addition to hacking, financial data
dangers can also involve mistakes and unintended data breaches, necessitating
complex solutions to protect data. Accountants and accounting firms are aware that
financial data breaches pose a threat to their livelihood, company expansion, client
relationships, and other factors. The same account information that is used to track
debits and credits is also susceptible to viruses and other bad behavior (Accounting
Insights, 2021).
Accounting firms run the risk of losing money, clients, and their reputation if they don't
organizations while systems are being held for ransom, as well as high costs for
warning customers, evaluating the assault, repairing the damage, and paying for
particularly vulnerable since their systems store enormous amounts of confidential and
information, salary information, investment data, future plans, and intellectual property
are the most common types of this. Access to this crucial data will be highly motivated
procedures are made to preserve valuable corporate assets and keep the business
secure and intact is one of the most efficient approaches to ensure that the
organization is taking the right actions to reduce risks. Internal controls give employees
the resources they need to do their duties in a way that safeguards the company's
Like any business, family offices need to be cautious about the risks posed
by current and former employees as well as their connections with outside vendors,
especially those who have some level of access to management firm data (Deflin,
2019).
Managers and accountants are not unfamiliar with the need to build and assess
the working efficiency of controls meant to manage the risks of a company. Enterprise
monitor these risks. Managers and auditors assess the design and operational efficacy
of systems of internal control over financial reporting using COSO's Internal Control—
A 2018 InsuranceBee poll of small business owners reveals that 54% of them
don't have a strategy in place to fend off cyberattacks. People with the appropriate
computer training and expertise have many opportunities to have a real impact in the
fight against cybercrime because of this lack of readiness and other industry-related
Another study that surveyed more than 500 cybersecurity professionals found
that 57% of them stated their organization was affected by a lack of cybersecurity
capabilities, with just over 10% stating it had a substantial impact. Modern tactics and
threats. Companies are having trouble locating people with the necessary
There's no denying the fact that the number of people doing remote work has
significantly increased. When determining whether to reopen their offices or opt for a
remote workforce, many businesses are choosing to implement hybrid work models
as the pandemic continues to have an impact on communities around the world. The
cybersecurity threats for remote workers are multiplied and expanded as a result of a
distributed work environment. Security breaches are significantly more likely to occur
financial gain. Examples include stealing money straight from financial accounts,
obtaining credit card information, creating data breaches, demanding ransom, and
more. After declining to pay the ransom and giving in to the blackmailers' threats, many
skills. They are typically driven by some form of cause, such as raising awareness of
human rights issues or warning a major firm about system vulnerabilities. They might
also face off against organizations whose views differ from their own. (Mottl, 2022)
Unfortunately, one of the biggest sources of a data breach isn’t some unknown
or forgotten security bug, it’s human error. According to statistics from a CompTIA
study cited by shrm.org, “Human error accounts for 52 percent of the root causes of
The Cybercrime Prevention Act (CPA) of 2012, also known as Republic Act
misuse and abuse all ICT devices, including unauthorized access to information on
them and all activities carried out on and through the Internet for malicious and
some progress. The nation still views cyberthreats as low risk because it is in the early
stages of its digital transition. Ms. Mirandilla-Santos stressed the requirement for a
for cybersecurity to safeguard "critical infrastructure" (CI). CI are seen as being of the
impact on the state and its citizens. These assets, systems, and networks can be either
Synthesis
Companies Several articles and related studies from international and local
while also affecting the customer's trust; as stated above, customers will stop
trusting a corporation if it doesn't protect their data (Din, 2022). Another reason behind
its importance is to avoid financial data breaches from cyberattacks. And it has a
negative impact not just on companies' reputations but also on the economic stability
of a nation since it shows that prices for goods and services will rise if the cost of doing
Other materials exposed that some people believe that the accounting life cycle
and data security are unrelated (Accounting Insights, 2021). That is unlikely to be true.
Accountants are particularly vulnerable since their systems store enormous amounts
On the other hand, internal control is always one of the top priorities of business
processes, policies, and procedures are made to preserve valuable corporate assets
and keep the business secure and intact is one of the most efficient approaches to
ensure that the organization is taking the right actions to reduce risks (ZHAO, 2022).
While this brings a brighter future for businesses, challenges are still inevitable.
Possibly the major challenge is the unpreparedness of business when facing cyber
risks (Riley, 2022). Furthermore, it is nothing new that the causes of these actions are
mainly motivated by financial gain. However, many studies suggest that human error
is the main reason behind cyber threats (Data Breach 101: Top 5 Reasons it Happens,
n.d.). Fortunately, similar to international policies, cybercrime laws and litigations are
also present locally. The Cybercrime Prevention Act (CPA) of 2012, also known as
Republic Act 10175, ensures the penalization of cybercriminals who commit these
wrongdoings.
continuously grow. Hence, in this research, this gap needs to be constantly updated
METHODOLOGY
sampling technique, data gathering, and statistical treatment of data used in the
Research Design
computational techniques (D. Fleetwood, n.d.). Conducting this study will require
business enterprises are mainly facing, the cybersecurity tools they use, and the
solutions they operate. Aside from that, this study will assess the significant
tools and their percentage of cybersecurity effectiveness. In addition, the average lost
revenue they incur from security breaches and their elapsed time of recovery from
cybersecurity attacks. Also, the relation between the regularity of employee training
and monitoring concerning cybersecurity and how frequently insider threats happen in
Hypotheses
Ho1: There is no significant relationship between the estimated cost for the company's
Ho2: There is no significant relationship between the average lost revenue the
company incurs from security breaches and the elapsed time of recovery from
cybersecurity attacks.
happen.
Sources of Data
This study will acquire data from primary sources, particularly from the fifteen
(15) conveniently selected local business enterprises. Aligned with the research
come up with accurate answers in collecting needed information in this study. Since
primary sources can include first-hand accounts of a topic from people directly
connected with it (S. Udegbunam, 2021), data gathering might also come from these
forms.
Sampling Technique
The sample size of this research will hold fifteen (15) business enterprises,
considering time constraints and lack of resources originating from the population of
this study. The companies that will participate in this study have backgrounds in
cybersecurity threats and practices. Hence, the study will use non-probability
through survey questionnaires – a list of questions or items used to gather data from
people about their attitudes, experiences, or opinions (P. Bhandari, 2022). In aiming
for the objective of this research, the data gathering will come first-hand or through
primary sources. To further discuss, data may be obtained personally, through internet
documents of particular companies from its experts, official records, for instance.
In evaluating the collected data, this study will utilize quantitative research tools
After collecting the needed information, this study will treat and analyze the
Relative frequency distribution. This statistical tool will help determine the
types of cybersecurity risks that selected business enterprises are mainly facing.
Relative frequency relates the count for a particular class of events to its total number
using percentages, proportions, or fractions (J. Frost, 2021). This treatment will also
apply in identifying the cybersecurity tools that the selected organizations use and their
cybersecurity solutions.
between the estimated cost of the company's intended cybersecurity tools and their
measure the strength and direction of a linear relationship between two variables
(Jaadi, 2019). Similarly, to determine the average lost revenue they incur from security
breaches and their elapsed time of recovery from cybersecurity attacks. This
parametric measure will also identify the relation between the regularity of employee
training and monitoring concerning cybersecurity and how frequently insider threats
REFERENCES
accounting-cybersecurity-challenges-in-
2021/#:~:text=Accounting%20cybersecurity%20practices%20ensure%20that,
%2C%20personal%2C%20and%20professional%20information.
https://www.cpajournal.com/2019/07/08/cybersecurity-risks-and-controls/
https://www.accountingseed.com/blog/accounting-cybersecurity-how-to-keep-
financial-data-secure-and-safe/
cybersecurity-in-retrospect-2016-2021/
Data Breach 101: Top 5 Reasons it Happens. (n.d.). Retrieved from Whoa Networks:
https://www.whoa.com/data-breach-101-top-5-reasons-it-happens/
Deflin, B. (2019). Top 10 Internal Controls to Mitigate Cybersecurity Risks in the Family
internal-controls-to-mitigate-cybersecurity-risks-in-the-family-office
Dhaval, A. (2021, November 29). Five Reasons Why Cybersecurity Is Important for
https://www.projectcubicle.com/five-reasons-why-cybersecurity-is-important-
for-businesses/
Din, A. (2022, February 16). Why Cybersecurity Is Important for Companies? Retrieved
important-for-companies/
Dinu, C. (2022, November 7). The Role of Cybersecurity in Accounting. Retrieved from
in-accounting/
FACTS Asia Admin. (2022, March 30). Cybersecurity in the Philippines: Global and
https://www.factsasia.org/blog/cybersecurity-in-the-philippines-global-and-
local-challenges
Jaadi, Z. (2019, October 15). Everything you need to know about interpreting
https://towardsdatascience.com/eveything-you-need-to-know-about-
interpreting-correlations-2c485841c0b8
Johnson, T. (2022, September 13). The impact of a data breach. Retrieved from
impact-of-a-data-
breach#:~:text=Data%20breach%20effects%20can%20scale,operating%20in
%20a%20digital%20economy.
LIFARS. (2020, March 4). Motivations Behind Cyber-Attacks. Retrieved from LIFARS
cyber-attacks/
Linao, P. (2022, March 4). Why is cyber security important to a business? Retrieved
cyber-security-important
Mottl, C. (2022, March 3). 6 Motivations of Cyber Criminals. Retrieved from CoreTech:
https://www.coretech.us/blog/6-motivations-of-cyber-criminals
alliance.com/cybersecurity-blog/5-new-challenges-for-cybersecurity-in-2021
https://securityintelligence.com/articles/long-term-impacts-security-breach/
Reed, J. (2022, October 13). How Do Data Breaches Impact Economic Instability?
https://securityintelligence.com/articles/how-data-breaches-impact-economic-
instability/
https://www.cgma.org/resources/reports/downloadabledocuments/irm-cyber-
risk-report-executive-summary.pdf
https://www.researchgate.net/publication/325300571_STUDY_OF_CYBERS
ECURITY_IN_DATA_BREACHING
S. Kevelighan (2018). Small business, big risk: Lack of cyber insurance is a serious
https://www.iii.org/sites/default/files/docs/pdf/small_business_big_risk_10121
8.pdf
https://www.nibusinessinfo.co.uk/content/reasons-behind-cyber-attacks
https://thoughtlabgroup.com/cyber-solutions-riskier-world/
https://www.businesstechweekly.com/cybersecurity/risk-management/cyber-risk-
management/#:~:text=A%20cyber%20risk%20management%20strategy
Williams, M. (n.d.). 10 statistics that show why training is key to good data
infographic#:~:text=Security-related%20risks%20are%20reduced
Gomez, A. J. S. C., Eireene Jairee. (2023, January 5). Complaints flood BPI
https://www.manilatimes.net/2023/01/05/business/top-business/complaints-flood-bpi-
following-system-glitch/1872749
Manila Bulletin. (2023, January 4). BSP wants hourly updates from BPI.
https://mb.com.ph/2023/01/04/bsp-wants-hourly-updates-from-bpi/
https://www.questionpro.com/blog/descriptive-research/
https://www.scribbr.com/methodology/sampling-methods/
2022 Cyber Security Statistics Trends & Data. (n.d.). PurpleSec. Retrieved
BrainStation. https://brainstation.io/career-guides/what-tools-do-cybersecurity-
analysts-use
https://www.scribbr.com/methodology/questionnaire/
Websitehurdles.com. https://websitehurdles.com/is-website-a-primary-source/
by Jim. https://statisticsbyjim.com/basics/relative-frequency/
Kroll (2022). State of Incident Response: Asia Pacific. Retrieved from Kroll:
https://www.kroll.com/-/media/kroll/pdfs/publications/apac-state-of-incident-
response-2022.pdf
A. Ghadge et al. (2020). Managing cyber risk in supply chains: A review and research
Riley, S. (2022, June 20). 9 Cybersecurity Challenges Companies Must Tackle Now.
challenges-companies-must-tackle-now
University of North Dakota. (n.d.). Why Is Cyber Security Important? Retrieved from
https://onlinedegrees.und.edu/blog/why-is-cyber-security-important/
ZHAO, J. (2022, May 5). Internal Controls and Data Security: How to Develop Controls
https://hyperproof.io/resource/internal-controls-and-data-security/