Ascribing responsibility for online security and data breaches

The purpose of this paper is to understand consumer reactions to security breaches and the best approach for companies to minimize the reputational damage that is done.

The authors assessed trust in a company following a data breach as well as perceptions of individual and corporate responsibility for data security and also measured individual personality.

The authors found that individuals held companies more responsible for protecting private data and held companies even more responsible following a data breach. Further, perception of responsibility for a data breach significantly affected individuals’ response to a company’s attempt to rebuild trust. Finally, participant personality impacted perceptions of responsibility and trust in a company after a data breach.

Companies are held more responsible for protecting private data than are individuals. Thus, violation of this expectation insofar as a data breach may result in a psychological contract breach which explains reductions in trust in a company which has experienced a data breach. Further, the effect of company’s responses to a data breach depends on individuals’ perception of responsibility and personality. Thus, the best course of action following a data breach may vary across customers.

Companies should consider differences in customer perceptions when responding to a data breach.

Individuals differ in how responsible they feel a company is for data security. Further, those differences impact reactions to data breach responses from companies.

This paper explored personality as it impacts perceptions of corporate responsibility in data security. Further, the authors explore the role of perception of responsibility to determine the role of psychological contract breach in reduced trust after data breach.