Do Geopolitical Risk Factors Influence Whether a Corporation Is the Victim

of a Cyber Exploit, Intrusion, or Breach?

Brent M. Eastwood, PhD
Introduction
In 2016, 237 companies in six countries suffered some form of cyber-crime, according to a report from
the Poneman Institute.1 Each cyber intrusion that year resulted in an average loss of $9.5 million for the
targeted company.2 The “Breached Database Directory” from Vigilante.pw indicates that so far in 2017,
35 different web sites have been the target of database breaches – an average of about three per week.3
These web site databases are owned by corporations in industry sectors such as software, healthcare,
telecommunications, and e-commerce.4
Research Questions and Theory
Does a corporation’s international presence affect whether it is at risk for a cyber intrusion? If so, do
multinational corporations doing business in countries with known geopolitical risk factors have a greater
chance of becoming the target of a data breach? I theorize that countries with active cyber-criminal
organizations such as Russia, China, and Nigeria, could place companies in more danger of cyber-crime if
they do business there. I also postulate that multinationals with revenue coming from countries that are
state-sponsors of terror, could have a higher probability of cyber exploits. In addition, I theorize that
multinationals operating in countries with fragile, unstable, or corrupt governments, could have a higher
risk of cyber breaches.
Methodology
The statistical/mathematical model for this study requires a binary response. This means that the
“estimate response probabilities are strictly between zero and one.”5 Thus, the dependent variable is
dichotomous and the graph of the plotted function is a non-linear S-shaped curve. Examples of these
dichotomous dependent variables include whether an individual is “married or non-married” and whether
a person has “health insurance or no health insurance.” For this study on the probability of a corporation
being a cyber-victim, the binary response is “data breach or no data breach.”
The best way to estimate this binary outcome is with the use of logit and probit models. Logit and probit
models differ in the following way. According to Jeremy Albright of Methods Consultants, “The logit
model uses something called the cumulative distribution function of the logistic distribution. The probit
model uses something called the cumulative distribution function of the standard normal distribution.”6
Both models are intuitively appealing to test the hypotheses on whether geopolitical risk factors influence
cyber intrusions at companies.
The indicator function of the dependent variable “data breach/ no data breach” (0 or 1) is:

1 “2016 Cost of Cyber Crime Study and the Risk of Business Innovation.” Poneman Institute, October 2016.
2 Ibid
3 “The Breached Database Directory.” Vigilante.pw. https://vigilante.pw/ accessed March 21, 2017.
4 Ibid
5 Wooldridge Jeffrey M. 2003. Introductory Econometrics: A Modern Approach. Mason, Ohio: South-Wester Thomson South-

Western. Pp. 554-564.
6 Albright, Jeremy. 2015. “What is the Difference Between Logit and Probit Models?” Methods Consultants.

https://www.methodsconsultants.com/tutorial/what-is-the-difference-between-logit-and-probit-models/ accessed March 21, 2017.
P(Y = 1|z)
So that in Logit: P(Y=1|z) = [1+e−X′β]−1Pr(Y=1|z)=[1+e−X′β]−1
So that in Probit: P(Y=1|z) = Φ(X′β)
For this study, the explanatory variable is “Geopolitical Risk.” Companies that take on geopolitical risk
factors when doing business overseas have a higher probability of being the victim of cyber intrusions.
Specific explanatory variables in this category include whether the corporation has revenue from foreign
countries; what percentage of its revenue comes from overseas; whether the company does business in
Russia, China or Nigeria; whether the company does business in countries that are current state-sponsors
of terror or have sponsored terror in the past; and whether the company operates in a fragile state with
poor governance.
I control for many other independent variables such as biographical information about the CEO: whether
the corporation is publicly-traded; the size of the company, the legal structure of the company; its amount
of earnings, its business sectors; and the company’s level of research and development efforts.
Logit Model
P(Databreach y = 1|x) = [1+e - β₀ + β₁Geopolitical + β₂CEO + β₃Traded + β₄Size + β₅Profit +
β₆Structure + β₇Sector + β₈R&D]-1
Probit Model
P(Databreach y = 1|x) = Φ(β₀ + β₁Geopolitical + β₂CEO + β₃Traded + β₄Size + β₅Profit + β₆Structure +
β₇Sector + β₈R&D) + e
The following table explains the variables in more detail. Hypotheses are included:

Type of Category Description of Hypothesis Data Source
Variable of Variable Variable and Type of
Relationship
Dependent Corporation One of 7,000 publicly- Data Breach Exchange Data
traded companies or No Breach International
Geopolitical Does Business in Breach more S&P Global
Explanatory Risk foreign countries likely FactSet
(dummy)
Explanatory Geopolitical Percentage of revenue Breach more S&P Global
Risk from foreign countries likely FactSet
(positive)
Explanatory Geopolitical Does business in Breach more S&P Global
Risk Russia (dummy) likely FactSet
Explanatory Geopolitical Does business in China Breach more S&P Global
Risk (dummy) likely FactSet
Explanatory Geopolitical Does business in Breach more S&P Global
Risk Nigeria (dummy) likely FactSet
Explanatory Geopolitical Does business in State- Breach more S&P Global
Risk sponsor of terror likely FactSet
(dummy)
Explanatory Geopolitical Extracts natural Breach more S&P Global
Risk resources overseas likely FactSet
(dummy)
Explanatory Geopolitical Does business in Breach more Freedom House
Risk fragile or corrupt states likely Transparency
(dummy) International

Independent CEO Length of Tenure Breach less Yahoo Finance
likely
(negative)
Independent CEO Is a software engineer Breach less Yahoo Finance
(dummy) likely
Independent CEO Was once CTO Breach less Yahoo Finance
(dummy) likely
Independent Publicly- Company listed on Breach more Bloomberg
Traded S&P500, DJIA, Russell likely
3000 (dummy)
Independent Size $ Amount of market Breach more Yahoo Finance
capitalization likely
(positive)
Independent Size Number of employees Breach more Yahoo Finance
likely
(positive)
Independent Annual $ Amount of annual Breach more Yahoo Finance
Earnings (EBITDA) likely
(positive)
Independent Legal Whether company is LLC is more Yahoo Finance
Structure LLC, C-Corp, Delaware likely to have
C-Corp. (dummy) a breach
Independent Business Financial, Software, These sectors Yahoo Finance
Sector Healthcare, E-commerce, are more
Retail, Energy, Telecom likely to have
(dummy) a breach
Independent Research and Annual number of More likely to USPTO
Development patents granted have breach
(positive)
Independent Research and $ Amount annually More likely to Bloomberg
Development spent on research and have breach
development (positive)

Conclusion
Interpretation is difficult in logit and probit models. In order to interpret the fit of the model and to
determine the level of the variable coefficients, analysts often use “percent correctly predicted” as a
goodness of fit measure.7 However, a high percentage of correct predictions in the model does not always
mean the explanatory variables are an “accurate predictor.”8 The sources of data are mostly available for
this study, but monetary subscriptions are needed for research firms such as FactSet or Bloomberg.
Acquiring the data for the models for approximately thousands of corporations would be time consuming
and a fairly-large data team would be needed to compile the data. Once that phase is complete, running
the regressions and conducting regression diagnostics would be straightforward working in IDEs that I
use such as R Studio or the IDE for Python called Spyder.

7
Wooldridge Jeffrey M. 2003. Introductory Econometrics: A Modern Approach. Mason, Ohio: South-Wester Thomson South-
Western. Pp. 554-564.
8
Ibid