Search results

1 – 10 of 612
To view the access options for this content please click here
Article
Publication date: 8 April 2021

Atiya Avery

This study aims to evaluate changes to the financial performance of organizations in the 1–4 quarters following a data breach event. The study introduces two new…

Abstract

Purpose

This study aims to evaluate changes to the financial performance of organizations in the 1–4 quarters following a data breach event. The study introduces two new variables, “intangible assets” and “extraordinary losses” to the discussion on the impact of data breaches on an organization’s financial performance. Intangible assets allow us to gauge the data breach’s impact on the organization’s brand reputation and intellectual capital reserves. Extraordinary losses allow us to gauge if organizations considered data breaches truly detrimental to their operations that they rose to the level of “extraordinary” and not an event that could be incorporated into its usual operating expenses.

Design/methodology/approach

This study uses a matched sample comparison analysis of 47 organizations to understand the short-term and long-term impacts of data breach events on an organization’s financial performance.

Findings

Data breach events have some negative impacts on the organization’s profitability more than likely leading to a depletion of the organization’s assets. However, organizations do not perform better or worse in the short-term or long-term due to a data breach event; the organizations can be considered financially sustainable in the 1–4 quarters following a data breach disclosure.

Originality/value

This study takes two approaches to theory development. The first approach extends the current literature on data breach events as negative, value declining events to the organization’s performance, which is referred to as the “traditional view.” The second view posits that a data breach event may be a catalyst for enhanced long-term organization performance; this is referred to as the organizational sustainability and resiliency view.

Details

Information & Computer Security, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 2056-4961

Keywords

To view the access options for this content please click here
Article
Publication date: 30 April 2021

Audra Diers-Lawson, Amelia Symons and Cheng Zeng

Data security breaches are an increasingly common and costly problem for organizations, yet there are critical gaps in our understanding of the role of stakeholder…

Abstract

Purpose

Data security breaches are an increasingly common and costly problem for organizations, yet there are critical gaps in our understanding of the role of stakeholder relationship management and crisis communication in relation to data breaches. In fact, though there have been some studies focusing on data breaches, little is known about what might constitute a “typical” response to data breaches whether those responses are effective at maintaining the stakeholders' relationship with the organization, their commitment to use the organization after the crisis, or the reputational threat of the crisis. Further, even less is known about the factors most influencing response and outcome evaluation during data breaches.

Design/methodology/approach

We identify a “typical” response strategy to data breaches and then evaluate the role of this response in comparison to situation, stakeholder demographics and relationships between stakeholders, the issue and the organization using an experimental design. This experiment focuses on a 2 (type of organization) × 2 (prior knowledge of breach risk) with a control group design.

Findings

Findings suggest that rather than employing reactive crisis response messaging the role of public relations should focus on proactive relationship building between organizations and key stakeholders.

Originality/value

For the last several decades much of the field of crisis communication has assumed that in the context of a crisis the response strategy itself would materially help the organization. These data suggest that the field crisis communication may have been making the wrong assumption. In fact, these data suggest that reactive crisis response has little-to-no effect once we consider the relationships between organizations, the issue and stakeholders. The findings show that an ongoing program of crisis capacity building is to an organization's strategic advantage when data security breaches occur.

Details

Corporate Communications: An International Journal, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 1356-3289

Keywords

To view the access options for this content please click here
Article
Publication date: 9 October 2019

Wei Wei, Lu Zhang and Nan Hua

Error management has begun to receive growing attention from both academic scholars and industry practitioners in marketing. However, the impacts of error management on…

Abstract

Purpose

Error management has begun to receive growing attention from both academic scholars and industry practitioners in marketing. However, the impacts of error management on consumers remain understudied. Taking data breach as an increasingly recognized error in the modern service industry, this paper aims to explore the impact of hotels’ error management on consumer attitudes and downstream behavioral intentions. This research also investigates whether such impacts can be moderated by data breach locality. Furthermore, this research examines the underlying mechanism through which a firm’s error management influences consumers’ attitudes and behaviors.

Design/methodology/approach

A total of 280 people were recruited to participate in a scenario-based experimental study and complete an online survey.

Findings

Results revealed that the impacts of a focal firm’s error management on consumer attitude, word-of-mouth, and revisit intention were only significant when the data breach occurred at the focal firm (versus the rival firm), which was mediated by consumer trust. However, this mediating effect of consumer trust was not found when the focal firm reacted to a data breach that occurred at a rival firm.

Originality/value

This research represents one of the first studies to introduce the concept of consumer trust to understand the impact of error management on consumers following a data breach. By further including data breach locality as a potential moderator, this research provides suggestions on how firms should strategize their marketing efforts for more effective results.

Details

Journal of Services Marketing, vol. 33 no. 7
Type: Research Article
ISSN: 0887-6045

Keywords

To view the access options for this content please click here
Article
Publication date: 27 March 2020

Ahmad H. Juma'h and Yazan Alnsour

This paper aims to analyze the effect of data breaches – whose concerns and implications can be legal, social and economic – on companies’ overall performance.

Abstract

Purpose

This paper aims to analyze the effect of data breaches – whose concerns and implications can be legal, social and economic – on companies’ overall performance.

Design/methodology/approach

Information on data breaches was collected from online compilations, and financial data on breached companies was collected from the Mergent Online database. The financial variables used were related to profitability, liquidity, solvency and company size to analyze the financial performance of the breached companies before and after the data breach event. Nonfinancial data, such as the type and the size of the breaches, was also collected. The data was analyzed using multiple regression.

Findings

The results confirm that nonmandatory information related to announcements of data breaches is a signal of companies’ overall performance, as measured by profitability ratios, return on assets and return on equity. The study does not confirm a relationship between data breaches and stock market reaction when measuring quarterly changes in share prices.

Research limitations/implications

The main limitation of the study relates to ratio and trend analyses. Such analyses are commonly used when researching accounting information. However, they do not directly reflect the companies’ conditions and realities, and they rely on companies’ released financial reports. Another limitation concerns the confounding factors. The major confounding factors around the data breaches’ dates were identified; however, this was not enough to assure that other factors were not affecting the companies’ financial performance. Because of the nature of such events, this study needs to be replicated to include specific information about the companies using case studies. Therefore, the authors recommend replicating the research to validate the article’s findings when each industry makes more announcements available.

Practical implications

To remediate the risks and losses associated with data breaches, companies may use their reserved funds.

Social implications

Company data breach announcements signal internal deficiencies. Therefore, the affected companies become liable to their employees, customers and investors.

Originality/value

The paper contributes to both theory and practice in the areas of accounting finance, and information management.

Details

International Journal of Accounting & Information Management, vol. 28 no. 2
Type: Research Article
ISSN: 1834-7649

Keywords

To view the access options for this content please click here
Article
Publication date: 3 January 2017

Thomas Kude, Hartmut Hoehle and Tracy Ann Sykes

Big Data Analytics provides a multitude of opportunities for organizations to improve service operations, but it also increases the threat of external parties gaining…

Abstract

Purpose

Big Data Analytics provides a multitude of opportunities for organizations to improve service operations, but it also increases the threat of external parties gaining unauthorized access to sensitive customer data. With data breaches now a common occurrence, it is becoming increasingly plain that while modern organizations need to put into place measures to try to prevent breaches, they must also put into place processes to deal with a breach once it occurs. Prior research on information technology security and services failures suggests that customer compensation can potentially restore customer sentiment after such data breaches. The paper aims to discuss these issues.

Design/methodology/approach

In this study, the authors draw on the literature on personality traits and social influence to better understand the antecedents of perceived compensation and the effectiveness of compensation strategies. The authors studied the propositions using data collected in the context of Target’s large-scale data breach that occurred in December 2013 and affected the personal data of more than 70 million customers. In total, the authors collected data from 212 breached customers.

Findings

The results show that customers’ personality traits and their social environment significantly influences their perceptions of compensation. The authors also found that perceived compensation positively influences service recovery and customer experience.

Originality/value

The results add to the emerging literature on Big Data Analytics and will help organizations to more effectively manage compensation strategies in large-scale data breaches.

Details

International Journal of Operations & Production Management, vol. 37 no. 1
Type: Research Article
ISSN: 0144-3577

Keywords

To view the access options for this content please click here
Article
Publication date: 5 May 2015

Robert E. Holtfreter and Adrian Harrington

The main purpose of this paper is to analyze the trends of various types of data breaches and their compromised records in the USA using a new model recently developed by…

Abstract

Purpose

The main purpose of this paper is to analyze the trends of various types of data breaches and their compromised records in the USA using a new model recently developed by the authors.

Design/methodology/approach

The 2,280 data breaches and over 512 million related compromised records tracked by the Privacy Rights Clearinghouse from 2005 through 2010 were analyzed and classified into four external, five internal and one non-traceable data breach categories, after which trends were determined for each.

Findings

The findings indicate that although the trends for the annual number of data breaches and each of the internal and external categories and their related compromised records have increased over the six-year period, the changes have not been consistent from year to year.

Practical implications

By classifying data breaches into internal and external categories with the use of this new data breach model provides an excellent methodological framework for organizations to use to develop more workable strategies for safeguarding personal information of consumers, clients, employees and other entities.

Originality/value

The topic of data breaches remains salient to profit and nonprofit organizations, researchers, legislators, as well as criminal justice practitioners and consumer advocate groups.

Details

Journal of Financial Crime, vol. 22 no. 2
Type: Research Article
ISSN: 1359-0790

Keywords

To view the access options for this content please click here
Article
Publication date: 21 March 2018

Jessica Rose Carre, Shelby R. Curtis and Daniel Nelson Jones

The purpose of this paper is to understand consumer reactions to security breaches and the best approach for companies to minimize the reputational damage that is done.

Abstract

Purpose

The purpose of this paper is to understand consumer reactions to security breaches and the best approach for companies to minimize the reputational damage that is done.

Design/methodology/approach

The authors assessed trust in a company following a data breach as well as perceptions of individual and corporate responsibility for data security and also measured individual personality.

Findings

The authors found that individuals held companies more responsible for protecting private data and held companies even more responsible following a data breach. Further, perception of responsibility for a data breach significantly affected individuals’ response to a company’s attempt to rebuild trust. Finally, participant personality impacted perceptions of responsibility and trust in a company after a data breach.

Research limitations/implications

Companies are held more responsible for protecting private data than are individuals. Thus, violation of this expectation insofar as a data breach may result in a psychological contract breach which explains reductions in trust in a company which has experienced a data breach. Further, the effect of company’s responses to a data breach depends on individuals’ perception of responsibility and personality. Thus, the best course of action following a data breach may vary across customers.

Practical implications

Companies should consider differences in customer perceptions when responding to a data breach.

Social implications

Individuals differ in how responsible they feel a company is for data security. Further, those differences impact reactions to data breach responses from companies.

Originality/value

This paper explored personality as it impacts perceptions of corporate responsibility in data security. Further, the authors explore the role of perception of responsibility to determine the role of psychological contract breach in reduced trust after data breach.

Details

Managerial Auditing Journal, vol. 33 no. 4
Type: Research Article
ISSN: 0268-6902

Keywords

To view the access options for this content please click here
Article
Publication date: 20 August 2020

Kholekile Gwebu and Clayton W. Barrows

The purpose of this study is to expand on the existing literature by specifically examining data security incidents within the hospitality industry, assessing origins and…

Abstract

Purpose

The purpose of this study is to expand on the existing literature by specifically examining data security incidents within the hospitality industry, assessing origins and causes, comparing breaches within the industry with those of other industries and identifying areas of concern.

Design/methodology/approach

A sample of data breach incidents is drawn from the Verizon VERIS Community Database (VCDB). Statistical comparisons between hospitality and non-hospitality industry firms are conducted following the Verizon A4 threat framework.

Findings

The results reveal that breaches between hospitality and non-hospitality firms differ significantly in terms of actors, actions, assets and attributes. Specifically, proportions of breaches in the hospitality industry are larger in terms of external actors, hacking and malware, user devices compromised and integrity violations. Additionally, compared to other industries, point-of-sales (POS) system breaches occur at a higher rate in the hospitality industry. The study finds that company size, hacking and malware predict the likelihood of a POS breach.

Research limitations/implications

The study uses secondary data and does not include the entire universe of data breaches.

Originality/value

In the quest to reduce data breach incidents, it is imperative to identify and assess the nature of data breach incidents between industries. Doing so permits the development of targeted industry-specific solutions rather than generic ones. This study systematically identifies differences between hospitality and non-hospitality data security incidents and then suggests areas where hospitality companies should focus future attention to mitigate breach incidents.

研究目的

本论文延展了现有文献, 检测了酒店业中的数据安全事故, 评估其起因, 比较其他产业和酒店产业数据泄露的区别, 以及找出关键区域。

研究设计/方法/途径

样本数据为 Verizon VERIS 社区数据库(VCDB)中的数据泄露事件。研究遵循Verizon A4 危险模型, 对酒店业和非酒店业之间事件进行了数据分析比较。

研究结果

研究结果表明酒店公司和非酒店公司的数据泄露在当事人、行为、资产、和属性方面, 有着很大不同。其中, 酒店业中的数据泄露比例在外部因素、黑客、病毒、用户端失灵、和违反道德方面比较大。此外, 相对其他产业, POS系统在酒店产业中的数据泄露概率较高。本论文发现公司规模、黑客、和病毒对POS数据泄露的影响有着重大决定作用。

研究理论限制/意义

本论文使用二手数据, 并未检测整体数据泄露数据。

研究原创性/价值

为了减少数据泄露事件, 产业之间数据泄露事件属性的认定和评价至关重要。因此, 可以针对具体产业具体事件制定出特定的解决方案。本论文系统上指出了酒店和非酒店业的数据安全事件的区别, 以及指出哪些方面, 酒店业应该重点关注, 以减少未来数据泄露事件。

To view the access options for this content please click here
Article
Publication date: 11 October 2011

Chlotia Posey Garrison and Matoteng Ncube

The purpose of this research is to provide companies and consumers with information about the potential connections between data breach types and institutions. This study…

Abstract

Purpose

The purpose of this research is to provide companies and consumers with information about the potential connections between data breach types and institutions. This study also aims to add to the body of knowledge about data breaches.

Design/methodology/approach

This study analyzes a chronology of five years of data breaches. The data were classified and analyzed by breach and institution type, record size, and state. Multiple statistical tests were performed.

Findings

Breach types stolen and exposed are statistically more likely to occur. Educational institutions are more likely to have a breach and it is more probable that educational breaches will be of type hacker or exposed. The proportion of insider incidents is smaller than the other breach types. The number of records breached is independent of institution and breach type.

Research limitations/implications

Only those breaches with a specified number of records are included. The information used may have been updated after our analysis, usually a change in the number of records identified.

Practical implications

Additional knowledge about characteristics of data breaches and the relationship between breach types and institution types will enable both businesses and consumers to be more effective in protecting sensitive information. Businesses will be able to create security budgets based on risk factors and consumers will be more aware of the risks of providing sensitive information.

Originality/value

This study provides a longitudinal analysis covering five years of data breaches and analyzes the relationship between five breach types and six types of institutions.

Details

Information Management & Computer Security, vol. 19 no. 4
Type: Research Article
ISSN: 0968-5227

Keywords

To view the access options for this content please click here
Expert briefing
Publication date: 7 August 2019

Public sector and GDPR.

1 – 10 of 612