ABSTRACT: Firms face many different types of information security risk. Inadver-tent disclosure of sensitive business information represents one of the largest classes of recent security breaches. We examine a specific instance of this problem--inadvertent disclosures through peer-to-peer file-sharing networks. We characterize the extent of the security risk for a group of large financial institu-tions using a direct analysis of leaked documents. We also characterize the threat of loss by examining search patterns in peer-to-peer networks. Our analy-sis demonstrates both a substantial threat and vulnerability for large financial firms. We find a statistically significant link between leakage and leak sources including the firm employment base and the number of retail accounts. We also find a link between firm visibility and threat activity. Finally, we find that firms with more leaks also experience increased threat.
Key words and phrases: data breaches , file-sharing , inadvertent disclosure , information security , intellectual property leaks , peer-to-peer networks , risk management