Search results

This paper aims to increase understanding of pertinent exogenous and endogenous antecedents that can reduce data privacy breaches.

A cross-sectional survey was used to source participants' perceptions of relevant exogenous and endogenous antecedents developed from the Antecedents-Privacy Concerns-Outcomes (APCO) model and Social Cognitive Theory. A research model was proposed and tested with empirical data collected from 213 participants based in Canada.

The exogenous factors of external privacy training and external privacy self-assessment tool significantly and positively impact the study's endogenous factors of individual privacy awareness, organizational resources allocated to privacy concerns, and group behavior concerning privacy laws. Further, the proximal determinants of data privacy breaches (dependent construct) are negatively influenced by individual privacy awareness, group behavior related to privacy laws, and organizational resources allocated to privacy concerns. The endogenous factors fully mediated the relationships between the exogenous factors and the dependent construct.

This study contributes to the budding data privacy breach literature by highlighting the impacts of personal and environmental factors in the discourse.

The results offer management insights on mitigating data privacy breach incidents arising from employees' actions. Roles of external privacy training and privacy self-assessment tools are signified.

Antecedents of data privacy breaches have been underexplored. This paper is among the first to elucidate the roles of select exogenous and endogenous antecedents encompassing personal and environmental imperatives on data privacy breaches.

This research examines the relationship between the timeliness in announcing the discovery of a data breach and consumer trust in an e-commerce company, as well as later trust-rebuilding efforts taken by the company to compensate users impacted by the breach.

A survey experiment was used to examine the effect of both trust-reducing events (announced data breaches) and trust-enhancing events (provision of identity theft protection and credit monitoring) on consumer trust. The timeliness of the breach announcement by an e-commerce company was manipulated between two randomly assigned groups of subjects; one group viewed an announcement of the breach immediately upon its discovery, and the other viewed an announcement made two months after the breach was discovered. Consumer trust was measured before the breach, after the breach was announced, and finally, after the announcement of data protection.

The results suggest that companies that delay a data breach announcement are likely to suffer a larger drop in consumer trust than those that immediately disclose the data breach. The results also suggest that trust can be repaired by providing data protection. However, even after providing identity theft protection and credit monitoring, companies that fail to promptly disclose a breach have lower repaired trust than companies that promptly disclose.

This study contributes to the literature on e-commerce trust by examining how a company's forthrightness in reporting a data breach impacts user trust at the time of the disclosure of the data breach and after subsequent efforts to repair trust.

Big Data Analytics provides a multitude of opportunities for organizations to improve service operations, but it also increases the threat of external parties gaining unauthorized access to sensitive customer data. With data breaches now a common occurrence, it is becoming increasingly plain that while modern organizations need to put into place measures to try to prevent breaches, they must also put into place processes to deal with a breach once it occurs. Prior research on information technology security and services failures suggests that customer compensation can potentially restore customer sentiment after such data breaches. The paper aims to discuss these issues.

In this study, the authors draw on the literature on personality traits and social influence to better understand the antecedents of perceived compensation and the effectiveness of compensation strategies. The authors studied the propositions using data collected in the context of Target’s large-scale data breach that occurred in December 2013 and affected the personal data of more than 70 million customers. In total, the authors collected data from 212 breached customers.

The results show that customers’ personality traits and their social environment significantly influences their perceptions of compensation. The authors also found that perceived compensation positively influences service recovery and customer experience.

The results add to the emerging literature on Big Data Analytics and will help organizations to more effectively manage compensation strategies in large-scale data breaches.

Error management has begun to receive growing attention from both academic scholars and industry practitioners in marketing. However, the impacts of error management on consumers remain understudied. Taking data breach as an increasingly recognized error in the modern service industry, this paper aims to explore the impact of hotels’ error management on consumer attitudes and downstream behavioral intentions. This research also investigates whether such impacts can be moderated by data breach locality. Furthermore, this research examines the underlying mechanism through which a firm’s error management influences consumers’ attitudes and behaviors.

A total of 280 people were recruited to participate in a scenario-based experimental study and complete an online survey.

Results revealed that the impacts of a focal firm’s error management on consumer attitude, word-of-mouth, and revisit intention were only significant when the data breach occurred at the focal firm (versus the rival firm), which was mediated by consumer trust. However, this mediating effect of consumer trust was not found when the focal firm reacted to a data breach that occurred at a rival firm.

This research represents one of the first studies to introduce the concept of consumer trust to understand the impact of error management on consumers following a data breach. By further including data breach locality as a potential moderator, this research provides suggestions on how firms should strategize their marketing efforts for more effective results.

This study aims to evaluate changes to the financial performance of organizations in the 1–4 quarters following a data breach event. The study introduces two new variables, “intangible assets” and “extraordinary losses” to the discussion on the impact of data breaches on an organization’s financial performance. Intangible assets allow us to gauge the data breach’s impact on the organization’s brand reputation and intellectual capital reserves. Extraordinary losses allow us to gauge if organizations considered data breaches truly detrimental to their operations that they rose to the level of “extraordinary” and not an event that could be incorporated into its usual operating expenses.

This study uses a matched sample comparison analysis of 47 organizations to understand the short-term and long-term impacts of data breach events on an organization’s financial performance.

Data breach events have some negative impacts on the organization’s profitability more than likely leading to a depletion of the organization’s assets. However, organizations do not perform better or worse in the short-term or long-term due to a data breach event; the organizations can be considered financially sustainable in the 1–4 quarters following a data breach disclosure.

This study takes two approaches to theory development. The first approach extends the current literature on data breach events as negative, value declining events to the organization’s performance, which is referred to as the “traditional view.” The second view posits that a data breach event may be a catalyst for enhanced long-term organization performance; this is referred to as the organizational sustainability and resiliency view.

The study aims to empirically understand individuals' tendency to disclose private information online following different forms of data breach (i.e. reversible and irreversible victimization).

Survey methodology is applied to measure the perception of victims of data breaches on key indicators of information disclosure.

Analysis of responses from 309 victims of data breaches show that while victims' irreversible data breach victimization experience influences both dimensions of privacy concerns, reversible data breach victimization experiences influenced only peer privacy concerns (PPCs). Furthermore, only institutional privacy concerns impacted online disclosure and fully mediate the relationship between victimization experience and online disclosure.

The findings contribute to the privacy literature by expanding the dimension of victimization and considering their differential effect on privacy concerns. Additionally, the study uncovers the efficacy of privacy dimension on privacy recalibration following a data breach announcement.

For practice, the results provide insights for managers on how to manage customer restitution after a data breach. Management of the process of privacy recalibration should not be homogenous but be based on degree of consequence.

This research provides deeper understanding of how the ascendancy of privacy breaches affect privacy management. The findings illuminate why the increasing trend in online activities is observed.

The study is the first to identify two dimensions of data breach victimization experience based on the breach level index (BLI). The two dimensions of victimization (i.e. reversible and irreversible privacy victimizations) were used to understand individuals' tendency to disclose private information online.

Data security breaches are an increasingly common and costly problem for organizations, yet there are critical gaps in our understanding of the role of stakeholder relationship management and crisis communication in relation to data breaches. In fact, though there have been some studies focusing on data breaches, little is known about what might constitute a “typical” response to data breaches whether those responses are effective at maintaining the stakeholders' relationship with the organization, their commitment to use the organization after the crisis, or the reputational threat of the crisis. Further, even less is known about the factors most influencing response and outcome evaluation during data breaches.

We identify a “typical” response strategy to data breaches and then evaluate the role of this response in comparison to situation, stakeholder demographics and relationships between stakeholders, the issue and the organization using an experimental design. This experiment focuses on a 2 (type of organization) × 2 (prior knowledge of breach risk) with a control group design.

Findings suggest that rather than employing reactive crisis response messaging the role of public relations should focus on proactive relationship building between organizations and key stakeholders.

For the last several decades much of the field of crisis communication has assumed that in the context of a crisis the response strategy itself would materially help the organization. These data suggest that the field crisis communication may have been making the wrong assumption. In fact, these data suggest that reactive crisis response has little-to-no effect once we consider the relationships between organizations, the issue and stakeholders. The findings show that an ongoing program of crisis capacity building is to an organization's strategic advantage when data security breaches occur.

After the massive data breach incident in 2017, Equifax voluntarily disclosed non-GAAP earnings that beat earnings targets by eliminating breach-related charges and used non-GAAP metrics to determine its executives' compensations. However, it is unclear whether its non-GAAP earnings exclusions and the use of non-GAAP earnings in compensation plans are justified. The purpose of this study is to examine non-GAAP earnings quality in firms with data breach incidents.

The authors identified data breach firms from incidents reported in Privacy Rights Clearinghouse (privacyrights.org) during the period 2004–2017. The authors separate the victim firms into six groups based on financial status and non-GAAP earnings disclosure. Quarterly manager non-GAAP earnings per share data is retrieved from the database created by Bentley et al. (2018). Ordinary linear regression models are used in this study to test the authors’ hypothesis.

The authors find that, in general, the informativeness of non-GAAP earnings is higher than that of GAAP earnings in data breach firms. However, non-GAAP earnings quality vary in data breach firms with different financial health status. The quality of non-GAAP earnings in loss firms with data breach is higher than those in profit firms. Loss converters (i.e. data breach firms with negative GAAP earnings but positive non-GAAP earnings) disclose low quality non-GAAP earnings, which is different from the findings in prior studies.

The findings are particularly useful to analysts who want to make accurate earnings forecasts of data breach firms by incorporating managers' non-GAAP earnings disclosures.

The authors are among the first to comprehensively analyze the quality of non-GAAP earnings in firms with data breaches. The findings in this study address the analysts' concern that data breach firms use non-GAAP earnings metrics to determine executives' compensation after the massive data breach incidents. Next, the authors provide evidence that the financial status of data breach firms affects the quality of non-GAAP earnings.

Security breaches have been arising issues that cast a large amount of financial losses and social problems to society and people. Little is known about how social media could be used a surveillance tool to track messages related to security breaches. This paper aims to fill the gap by proposing a framework in studying the social media surveillance on security breaches along with an empirical study to shed light on public attitudes and concerns.

In this study, the authors propose a framework for real-time monitoring of public perception to security breach events using social media metadata. Then, an empirical study was conducted on a sample of 1,13,340 related tweets collected in August 2015 on Twitter. By text mining a large number of unstructured, real-time information, the authors extracted topics, opinions and knowledge about security breaches from the general public. The time series analysis suggests significant trends for multiple topics and the results from sentiment analysis show a significant difference among topics.

The study confirms that social media monitoring provides a supplementary tool for the traditional surveys which are costly and time-consuming to track security breaches. Sentiment score and impact factors are good predictors of real-time public opinions and attitudes to security breaches. Unusual patterns/events of security breaches can be detected in the early stage, which could prevent further destruction by raising public awareness.

The sample data were collected from a short period of time on Twitter. Future study could extend the research to a longer period of time or expand key words search to observe the sentiment trend, especially before and after large security breaches, and to track various topics across time.

The findings could be useful to inform public policy and guide companies responding to consumer security breaches in shaping public perception.

This study is the first of its kind to undertake the analysis of social media (Twitter) content and sentiment on public perception to security breaches.