Information risk of inadvertent disclosure: An analysis of file-sharing risk in the financial supply chain

Article

Johnson, M. Eric

Dartmouth College

JOURNAL OF MANAGEMENT INFORMATION SYSTEMS

0742-1222

10.2753/MIS0742-1222250205

2008

97-123

Firms face many different types of information security risk. Inadvertent disclosure of sensitive business information represents one of the largest classes of recent security breaches. We examine a specific instance of this problem-inadvertent disclosures through peer-to-peer file-sharing networks. We characterize the extent of the security risk for a group of large financial institutions using a direct analysis of leaked documents. We also characterize the threat of loss by examining search patterns in peer-to-peer networks. Our analysis demonstrates both a substantial threat and vulnerability for large financial firms. We find a statistically significant link between leakage and leak sources including the firm employment base and the number of retail accounts. We also find a link between firm visibility and threat activity. Finally, we find that firms with more leaks also experience increased threat.