Search results

This study aims to explore the spillover effects of data breaches from a consumer perspective in the e-commerce context. Specifically, we investigate how an online retailer’s data breach affects consumers’ privacy risk perceptions of competing firms, and further how it affects shopping intention for the competitors. We also examine how the privacy risk contagion effect varies depending on the characteristics of competitors and their competitive responses.

We conducted two scenario-based experiments with surveys. To assess the spillover effects and the moderating effects, we employed an analysis of covariance. We also performed bootstrapping-based mediation analyses using the PROCESS macro.

We find evidence for the privacy risk contagion effect and demonstrate that it negatively influences consumers’ shopping intention for a competing firm. We also find that a competitor’s cybersecurity message is effective in avoiding the privacy risk contagion effect and the competitor even benefits from it.

While previous studies have examined the impacts of data breaches on customer perceptions of the breached firm, our study focuses on customer perceptions of the non-breached firms. To the best of the authors’ knowledge, this study is one of the first to provide empirical evidence for the negative spillover effects of a data breach from a consumer perspective. More importantly, this study empirically demonstrates that the non-breached competitor’s competitive response is effective in preventing unintended negative spillover in the context of the data breach.

This study aims to examine the relative effectiveness of functional and financial remedies in influencing customers' negative coping responses in the event of a data breach. It also uncovers the different mediating roles played by customers' feelings of anger and fear in the process of data breach recovery. This study thus differs from the literature, which has primarily focused on the impact of financial compensation and apologies for service failures in face-to-face environments.

Two scenario-based experiments were conducted to empirically validate the model. The authors received 302 copies of the questionnaire, of which 269 were valid.

This study finds that functional remedies are more effective than financial remedies when sensitive information has been compromised, but there is no significant difference between the effectiveness of the two remedies when nonsensitive information has been compromised. In addition, functional remedies influence negative coping behaviors directly and indirectly; the indirect effect is achieved through the reduction of fear and anger. Contrary to the authors' expectation, financial remedies do not have a direct effect on negative coping behaviors; they can indirectly affect negative coping behaviors by reducing anger but do not affect negative coping behaviors by reducing fear.

This study provides key insights into how to manage customer reactions in the event of a data breach, suggesting the use of carefully designed recovery strategies. Companies must attend to customers' specific emotional responses to manage their negative coping behaviors.

This study extends the limited literature on data breach recovery actions by investigating the different effectiveness of functional and financial remedies in the event of a data breach. It also uncovers how functional and financial recovery strategies affect customers' negative coping behaviors by revealing the different mediating effects of fear and anger.

While every firm is striving to embrace digital transformation (DT) to form new differentiating business capabilities, there are dark sides to such initiatives, and it is essential to acknowledge, identify and address them. The purpose of this paper is to identify and emperically demonstrate the impact of such darksides of DT. While a firm's DT effort may have many dark sides, the authors identify data breaches as the most critical one and focus on proving their impact since it can inflict significant damage to the firm.

Through the lens of paradox theory, the authors argue that the DT efforts of a firm will lead to increased risk and severity of data breaches. The authors developed a one-of-a-kind longitudinal data set by combining data from multiple sources, including 3604 brands over a 10-year period, and employed a DT performance scorecard to evaluate a firm's DT effort across four key digital selling touchpoints: site, mobile, digital marketing and social media.

The findings of this study show that a firm's DT efforts pertaining to its mobile and digital marketing platforms significantly increase the likelihood and severity of a data breach event indicating that these two channels are most vulnerable and need heightened attention from firms. Furthermore, the findings suggest that the negative repercussions of some DT initiatives may be minimized as the firm becomes more innovative. The findings can help firms re-strategize their DT efforts by promoting security and also encouraging a balanced communication strategy.

This research is one of the first to identify, recognize and empirically illustrate the downsides of a DT effort that is otherwise thought to provide only benefits.

Stock price reactions have often been used to evaluate the cost of data breaches in the current information systems (IS) security literature. To further this line of research, this study examines the impact of data breaches on stock returns, information asymmetry and unsystematic firm risk in the context of COVID-19.

This paper employs an event study methodology and examines data breach events released in public databases, spanning pre- and post-COVID settings. This study investigated 283 data breaches of the US publicly traded firms, and the economic cost was measured by cumulative abnormal returns (CARs), trading volume, bid-ask spread and unsystematic risk.

The authors observe that data breaches during the COVID pandemic make investors react more negatively to data breach announcements, as reflected in the significantly negative difference in CARs between breached firms before COVID and those after COVID. The findings also indicate that, after the disclosure of data breach incidents, information asymmetry is reduced to a lesser extent compared with that in the pre-COVID setting. The authors also find that data breach events lead to an increase in the unsystematic risk of breached companies in the pre-COVID era but no change in the post-COVID era.

This study is the first effort to examine the economic consequences of data breaches by investigating the effects in the form of trading activities and risk measurement in the COVID setting.

Despite an increasing trend in adoption of social media by for-profit organizations and their chief executive officers (CEOs), there is little understanding of how these new channels of communication are incorporated into the broader communication domain of a firm to discharge accountability during a crisis, when accountability is of critical importance. More importantly, research on how people perceive a crisis and voice their opinions to firms and CEOs on social media in reaction to that crisis is rather limited. Therefore, in this study the authors investigate these questions.

This study is based on a case. The authors focus on the biggest data breach in Internet history in a pioneer technology firm, the Yahoo data breach. The authors conduct descriptive and dramaturgical analyses informed by Goffman to investigate how Yahoo manages its several front stages (communication channels), including social media during and after the Yahoo data breach announcements, and how people respond to the Yahoo's front stage management.

The results show that, during this crisis, Yahoo engages in management of its front stages by first limiting them to a few, then by redrawing the line between its back and front stages, and finally by expanding its front stages to include two-way communication channels, including social media. An ongoing accountability process back stage guides Yahoo's management of its front stages and undermines Yahoo's accountability in front stages. However, social media audiences challenge Yahoo's control of its front stages by using various frames to make sense of the crisis, and to demand accountability.

This study furthers the understanding of how social media platforms are positioned in a firm's broader communication channels during a crisis. It also enhances understanding of accountability demand, especially during critical times in a digitized era.

Data breaches are an increasing phenomenon in today's digital society. Despite the preparations an organization must take to prevent a data breach, it is still necessary to develop strategies in the event of a data breach. This paper explores the key recovery areas necessary for data breach recovery.

Stakeholder theory and three recovery areas (customer, employee and process recovery) are proposed as necessary theoretical lens to study data breach recovery. Three data breach cases (Anthem, Equifax, and Citrix) were presented to provide merit to the argument of the proposed theoretical foundations of stakeholder theory and recovery areas for data breach recovery research.

Insights from these cases reveal four areas of recovery are necessary for data breach recovery – customer recovery, employee recovery, process recovery and regulatory recovery.

These areas are presented in the data recovery areas model and are necessary for: (1) organizations to focus on these areas when resolving data breaches and (2) future data breach recovery researchers in developing their research in the field.

The main purpose of this paper is to analyze the trends of various types of data breaches and their compromised records in the USA using a new model recently developed by the authors.

The 2,280 data breaches and over 512 million related compromised records tracked by the Privacy Rights Clearinghouse from 2005 through 2010 were analyzed and classified into four external, five internal and one non-traceable data breach categories, after which trends were determined for each.

The findings indicate that although the trends for the annual number of data breaches and each of the internal and external categories and their related compromised records have increased over the six-year period, the changes have not been consistent from year to year.

By classifying data breaches into internal and external categories with the use of this new data breach model provides an excellent methodological framework for organizations to use to develop more workable strategies for safeguarding personal information of consumers, clients, employees and other entities.

The topic of data breaches remains salient to profit and nonprofit organizations, researchers, legislators, as well as criminal justice practitioners and consumer advocate groups.

This paper aims to analyze the effect of data breaches – whose concerns and implications can be legal, social and economic – on companies’ overall performance.

Information on data breaches was collected from online compilations, and financial data on breached companies was collected from the Mergent Online database. The financial variables used were related to profitability, liquidity, solvency and company size to analyze the financial performance of the breached companies before and after the data breach event. Nonfinancial data, such as the type and the size of the breaches, was also collected. The data was analyzed using multiple regression.

The results confirm that nonmandatory information related to announcements of data breaches is a signal of companies’ overall performance, as measured by profitability ratios, return on assets and return on equity. The study does not confirm a relationship between data breaches and stock market reaction when measuring quarterly changes in share prices.

The main limitation of the study relates to ratio and trend analyses. Such analyses are commonly used when researching accounting information. However, they do not directly reflect the companies’ conditions and realities, and they rely on companies’ released financial reports. Another limitation concerns the confounding factors. The major confounding factors around the data breaches’ dates were identified; however, this was not enough to assure that other factors were not affecting the companies’ financial performance. Because of the nature of such events, this study needs to be replicated to include specific information about the companies using case studies. Therefore, the authors recommend replicating the research to validate the article’s findings when each industry makes more announcements available.

To remediate the risks and losses associated with data breaches, companies may use their reserved funds.

Company data breach announcements signal internal deficiencies. Therefore, the affected companies become liable to their employees, customers and investors.

The paper contributes to both theory and practice in the areas of accounting finance, and information management.

The purpose of this research is to provide companies and consumers with information about the potential connections between data breach types and institutions. This study also aims to add to the body of knowledge about data breaches.

This study analyzes a chronology of five years of data breaches. The data were classified and analyzed by breach and institution type, record size, and state. Multiple statistical tests were performed.

Breach types stolen and exposed are statistically more likely to occur. Educational institutions are more likely to have a breach and it is more probable that educational breaches will be of type hacker or exposed. The proportion of insider incidents is smaller than the other breach types. The number of records breached is independent of institution and breach type.

Only those breaches with a specified number of records are included. The information used may have been updated after our analysis, usually a change in the number of records identified.

Additional knowledge about characteristics of data breaches and the relationship between breach types and institution types will enable both businesses and consumers to be more effective in protecting sensitive information. Businesses will be able to create security budgets based on risk factors and consumers will be more aware of the risks of providing sensitive information.

This study provides a longitudinal analysis covering five years of data breaches and analyzes the relationship between five breach types and six types of institutions.

The purpose of this study is to expand on the existing literature by specifically examining data security incidents within the hospitality industry, assessing origins and causes, comparing breaches within the industry with those of other industries and identifying areas of concern.

A sample of data breach incidents is drawn from the Verizon VERIS Community Database (VCDB). Statistical comparisons between hospitality and non-hospitality industry firms are conducted following the Verizon A4 threat framework.

The results reveal that breaches between hospitality and non-hospitality firms differ significantly in terms of actors, actions, assets and attributes. Specifically, proportions of breaches in the hospitality industry are larger in terms of external actors, hacking and malware, user devices compromised and integrity violations. Additionally, compared to other industries, point-of-sales (POS) system breaches occur at a higher rate in the hospitality industry. The study finds that company size, hacking and malware predict the likelihood of a POS breach.

The study uses secondary data and does not include the entire universe of data breaches.

In the quest to reduce data breach incidents, it is imperative to identify and assess the nature of data breach incidents between industries. Doing so permits the development of targeted industry-specific solutions rather than generic ones. This study systematically identifies differences between hospitality and non-hospitality data security incidents and then suggests areas where hospitality companies should focus future attention to mitigate breach incidents.

本论文延展了现有文献, 检测了酒店业中的数据安全事故, 评估其起因, 比较其他产业和酒店产业数据泄露的区别, 以及找出关键区域。

样本数据为 Verizon VERIS 社区数据库（VCDB）中的数据泄露事件。研究遵循Verizon A4 危险模型, 对酒店业和非酒店业之间事件进行了数据分析比较。

研究结果表明酒店公司和非酒店公司的数据泄露在当事人、行为、资产、和属性方面, 有着很大不同。其中, 酒店业中的数据泄露比例在外部因素、黑客、病毒、用户端失灵、和违反道德方面比较大。此外, 相对其他产业, POS系统在酒店产业中的数据泄露概率较高。本论文发现公司规模、黑客、和病毒对POS数据泄露的影响有着重大决定作用。

本论文使用二手数据, 并未检测整体数据泄露数据。

为了减少数据泄露事件, 产业之间数据泄露事件属性的认定和评价至关重要。因此, 可以针对具体产业具体事件制定出特定的解决方案。本论文系统上指出了酒店和非酒店业的数据安全事件的区别, 以及指出哪些方面, 酒店业应该重点关注, 以减少未来数据泄露事件。