ABSTRACT
One way of categorising cyber security breaches is consider how they arise. Technology-based breaches are those associated with software and hardware such as the failure of firewalls to keep out intruders, the uploading of malicious code to databases through an organisation's website. Process-based breaches are those associated with weak business processes such as insufficient access control, weak password protocols, or a failure to require mobile device encryption and remote locking. People-based breaches are risks associated with people's lack of knowledge or a motivation such as a failure to understand the potentially contractual nature of email or the use of private cloud accounts as a convenient way of bypass tiresome security protocols. Cyber security breaches are frequently caused by a failure of process, or a failure of people to follow agreed process. Cyber incidents can have a major effect on share price. On 25 April 2015 the shares of the Italian bank Intesa Sanpaolo dropped suddenly by 4 per cent.
