Search results

This study aims to explore the spillover effects of data breaches from a consumer perspective in the e-commerce context. Specifically, we investigate how an online retailer’s data breach affects consumers’ privacy risk perceptions of competing firms, and further how it affects shopping intention for the competitors. We also examine how the privacy risk contagion effect varies depending on the characteristics of competitors and their competitive responses.

We conducted two scenario-based experiments with surveys. To assess the spillover effects and the moderating effects, we employed an analysis of covariance. We also performed bootstrapping-based mediation analyses using the PROCESS macro.

We find evidence for the privacy risk contagion effect and demonstrate that it negatively influences consumers’ shopping intention for a competing firm. We also find that a competitor’s cybersecurity message is effective in avoiding the privacy risk contagion effect and the competitor even benefits from it.

While previous studies have examined the impacts of data breaches on customer perceptions of the breached firm, our study focuses on customer perceptions of the non-breached firms. To the best of the authors’ knowledge, this study is one of the first to provide empirical evidence for the negative spillover effects of a data breach from a consumer perspective. More importantly, this study empirically demonstrates that the non-breached competitor’s competitive response is effective in preventing unintended negative spillover in the context of the data breach.

This paper aims to increase understanding of pertinent exogenous and endogenous antecedents that can reduce data privacy breaches.

A cross-sectional survey was used to source participants' perceptions of relevant exogenous and endogenous antecedents developed from the Antecedents-Privacy Concerns-Outcomes (APCO) model and Social Cognitive Theory. A research model was proposed and tested with empirical data collected from 213 participants based in Canada.

The exogenous factors of external privacy training and external privacy self-assessment tool significantly and positively impact the study's endogenous factors of individual privacy awareness, organizational resources allocated to privacy concerns, and group behavior concerning privacy laws. Further, the proximal determinants of data privacy breaches (dependent construct) are negatively influenced by individual privacy awareness, group behavior related to privacy laws, and organizational resources allocated to privacy concerns. The endogenous factors fully mediated the relationships between the exogenous factors and the dependent construct.

This study contributes to the budding data privacy breach literature by highlighting the impacts of personal and environmental factors in the discourse.

The results offer management insights on mitigating data privacy breach incidents arising from employees' actions. Roles of external privacy training and privacy self-assessment tools are signified.

Antecedents of data privacy breaches have been underexplored. This paper is among the first to elucidate the roles of select exogenous and endogenous antecedents encompassing personal and environmental imperatives on data privacy breaches.

This paper aims to examine the conditions under which small and medium enterprises (SMEs) invest in security services when they migrate their e-commerce applications to the cloud environment. Using a risk management perspective, the paper assesses the impact of security service pricing, security incident prevalence and virulence to estimate SME security spending at the market level and draw out implications for SMEs and security service providers.

Security risks are inherently characterized by uncertainty. This study uses a Monte Carlo approach to understand the role of uncertainty in the decision to adopt security services. A model relating key security constructs is assembled based on key constructs from the domain. By manipulating security service costs and security incident types, the model estimates the market-level adoption of services, security incidents and damages incurred, along with measures of their relative dispersion.

Three key findings emerge from this study. First, adoption of services and protection is higher when tiered security services are provided, indicating that SMEs prefer to choose their security services rather than accept uniformly priced products. Second, SMEs are considered price-sensitive, resulting in a maximum level of spending in the market. Third, results indicate that security incidents and damages can be much higher than the mean in some cases, and this should serve as a cautionary note to SMEs.

Security spending has been modeled at the firm level. Adopting a market-level perspective represents a novel contribution. Additionally, the Monte Carlo approach provides managers with tangible measures of uncertainty, affording additional information and insight when making security service adoption decisions.

Personal data is a powerful tool. The more someone know about us, the more power they got over us. But who will control the most of our personal data? Does the government and the big tech really care about our personal data? This paper aims to look at data practices, data-related policy making as well as its economic consequences in the context of emerging economies.

Using qualitative methods such as literature review and analysis of numerous government documents, this paper inquires into the dynamics in the use of data by the business sectors, explains how data governance can add value to the business sectors while ensuring customers’ data privacy protection based on the data governance mechanism framework and details what it takes.

Using the case of Indonesian recent development on data privacy regulation, this paper describes the problems and threats to personal data protection. The advent of latest computing and mobile technology is shifting power relations between the governments, the big tech, as well as the end users. To conclude, the strategy and policy recommendations for implementing data privacy protection are also presented.

This paper provides a timely synthesis of data practices in the context of developing countries, particularly in relation to policy making and economic consequences. This paper also identifies and shares several promising future research ideas.

The COVID-19 pandemic has showcased the lack of resilience found in the global value chains (GVCs) of multinational enterprises (MNEs). Existing evidence shows that MNEs have only recently and slowly started recovering and attempting to rebuild the resilience of their GVCs. This paper analyzes the challenges/inhibitors faced by MNEs in building their resilience through their GVCs.

A four-stage hybrid model was used to identify the interrelationship among the identified inhibitors and to distinguish the most critical ones by ranking them. In the first stage, we employed a modified total interpretive structural modeling (m-TISM) approach to determine the inter-relationship among the inhibitors. Additionally, we identified the inhibitors' driving power and dependency by performing a matrix multiplication applied to classification (MICMAC) analysis. In the second stage, we employed the Pythagorean fuzzy analytic hierarchy process (PF-AHP) method to determine the weight of the criteria. The next stage followed, in which we used the Pythagorean fuzzy combined compromise solution (PF-CoCoSo) method to rank the inhibitors. Finally, we performed a sensitivity analysis to determine the robustness of the framework we had built based on the criteria and inhibitors.

We find business sustainability to have the highest importance and managerial governance as the most critical inhibitor hindering the path to resilience. Based on these insights, we derive four research propositions aimed at strengthening the resilience of such GVCs, followed by their implications for theory and practice.

Our findings contribute to the extant literature by uncovering key inhibitors that act as barriers to MNEs. We link out our findings with a number of propositions that we derive, which may be considered for implementation by MNEs and could help them endow their GVCs with resilience.

In the online environment, consumers increasingly feel vulnerable due to firms’ expanding capabilities of collecting and using their data in an unsanctioned manner. Drawing from gossip theory, this research focuses on two key suppressors of consumer vulnerability: transparency and control. Previous studies conceptualize transparency and control from rationalistic approaches that overlook individual experiences and present a unidimensional conceptualization. This research aims to understand how individuals interpret transparency and control concerning privacy vulnerability in the online environment. Additionally, it explores strategic approaches to communicating the value of transparency and control.

An interpretivism paradigm and phenomenology were adopted in the research design. Data were collected through semi-structured interviews with 41 participants, including consumers and experts, and analyzed through thematic analysis.

The findings identify key conceptual dimensions of transparency and control by adapting justice theory. They also reveal that firms can communicate assurance, functional, technical and social values of transparency and control to address consumer vulnerability.

This research makes the following contributions to the data privacy literature. The findings exhibit multidimensional and comprehensive conceptualizations of transparency and control, including user, firm and information perspectives. Additionally, the conceptual framework combines empirical insights from both experiencers and observers to offer an understanding of how transparency and control serve as justice mechanisms to effectively tackle the issue of unsanctioned transmission of personal information and subsequently address vulnerability. Lastly, the findings provide strategic approaches to communicating the value of transparency and control.

In the modern digital realm, while artificial intelligence (AI) technologies pave the way for unprecedented opportunities, they also give rise to intricate cybersecurity issues, including threats like deepfakes and unanticipated AI-induced risks. This study aims to address the insufficient exploration of AI cybersecurity awareness in the current literature.

Using in-depth surveys across varied sectors (N = 150), the authors analyzed the correlation between the absence of AI risk content in organizational cybersecurity awareness programs and its impact on employee awareness.

A significant AI-risk knowledge void was observed among users: despite frequent interaction with AI tools, a majority remain unaware of specialized AI threats. A pronounced knowledge difference existed between those that are trained in AI risks and those who are not, more apparent among non-technical personnel and sectors managing sensitive information.

This study paves the way for thorough research, allowing for refinement of awareness initiatives tailored to distinct industries.

It is imperative for organizations to emphasize AI risk training, especially among non-technical staff. Industries handling sensitive data should be at the forefront.

Ensuring employees are aware of AI-related threats can lead to a safer digital environment for both organizations and society at large, given the pervasive nature of AI in everyday life.

Unlike most of the papers about AI risks, the authors do not trust subjective data from second hand papers, but use objective authentic data from the authors’ own up-to-date anonymous survey.

Smartphone apps collect users' personal information, which triggers privacy concerns for app users. Consequently, app users restrict apps from accessing their personal information. This may impact the effectiveness of in-app advertising. However, research has not yet demonstrated what factors impact app users' decisions to use apps with restricted permissions. This study is aimed to bridge this gap.

Using a quantitative research method, the authors collected the data from 384 app users via a structured questionnaire. The data were analysed using AMOS and fuzzy-set qualitative comparative analysis (fsQCA).

The findings suggest privacy concerns and risks have a significant positive effect on app usage with restricted permissions, whilst reputation, trust and perceived benefits have significant negative impact on it. Some app-related factors, such as the number of apps installed and type of apps, also impact app usage with restricted permissions.

Based on the findings, the authors provided several implications for app stores, app developers and app marketers.

This study examines the factors that influence smartphone users' decisions to use apps with restricted permission requests. By doing this, the authors' study contributes to the consumer behaviour literature in the context of smartphone app usage. Also, by explaining the underlying mechanisms through which the principles of communication privacy management theory operate in smartphone app context, the authors' research contributes to the communication privacy management theory.

Despite ongoing reports of insider-driven leakage of confidential data, both academic scholars and practitioners tend to focus on external threats and favour information technology (IT)-centric solutions to secure and strengthen their information security ecosystem. Unfortunately, they pay little attention to human resource management (HRM) solutions. This paper aims to address this gap and proposes an actionable human resource (HR)-centric and artificial intelligence (AI)-driven framework.

The paper highlights the dangers posed by insider threats and presents key findings from a Leximancer-based analysis of a rapid literature review on the role, nature and contribution of HRM for information security, especially in addressing insider threats. The study also discusses the limitations of these solutions and proposes an HR-in-the-loop model, driven by AI and machine learning to mitigate these limitations.

The paper argues that AI promises to offer many HRM-centric opportunities to fortify the information security architecture if used strategically and intelligently. The HR-in-the-loop model can ensure that the human factors are considered when designing information security solutions. By combining AI and machine learning with human expertise, this model can provide an effective and comprehensive approach to addressing insider threats.

The paper fills the research gap on the critical role of HR in securing and strengthening information security. It makes further contribution in identifying the limitations of HRM solutions in info security and how AI and machine learning can be leveraged to address these limitations to some extent.

This study aims to investigate tourists’ attitudes and intentions regarding the usage of Chat Generative Pre-trained Transformer (ChatGPT) for accessing tourism information. Furthermore, by integrating the perceived risks associated with ChatGPT and the theory of planned behavior (TPB), this research examines the impact of three types of perceived risks, such as privacy risk, accuracy risk and overreliance risk, on tourists’ behavioral intention.

Data were gathered for this study by using two online survey platforms, thus resulting in a sample of 536 respondents. The online survey questionnaire assessed tourists’ perceived risks, attitude, subjective norm, perceived behavioral control, behavioral intention and demographic information related to their usage of ChatGPT.

The structural equation modeling analysis revealed that tourists express concerns about the associated risks of using ChatGPT to search for tourism information, specifically privacy risk, accuracy risk and overreliance risk. It was found that perceived risks significantly influence tourists’ attitude and intention toward the usage of ChatGPT, which is consistent with the hypotheses proposed in previous literature regarding tourists’ perceived risks of ChatGPT.

This work is a preliminary empirical study that assesses tourists’ behavioral intention toward the use of ChatGPT in the field of tourism. Previous research has remained at the hypothetical level, speculating about the impact of ChatGPT on the tourism industry. This study investigates the behavioral intention of tourists who have used ChatGPT to search for travel information. Furthermore, this study provides evidence based on the outcome of this research and offers theoretical foundations for the sustainable development of generative AI in the tourism domain. This study has limitations in that it primarily focused on exploring the risks associated with ChatGPT and did not extensively investigate its range of benefits.

First, to address privacy concerns that pose significant challenges for chatbots various measures, such as data encryption, secure storage and obtaining user consent, are crucial. Second, despite concerns and uncertainties, the introduction of ChatGPT holds promising prospects for the tourism industry. By offering personalized recommendations and enhancing operational efficiency, ChatGPT has the potential to revolutionize travel experiences. Finally, recognizing the potential of ChatGPT in enhancing customer service and operational efficiency is crucial for tourism enterprises.

Recognizing the potential of ChatGPT in enhancing customer service and operational efficiency is crucial for tourism enterprises. As their interest in adopting ChatGPT grows, increased investments and resources will be dedicated to developing and implementing ChatGPT solutions. This enhancement may involve creating customized ChatGPT solutions and actively engaging in training and development programs to empower employees in effectively using ChatGPT’s capabilities. Such initiatives can contribute to improved customer service and overall operations within the tourism industry.

This study integrates TPB with perceived risks in ChatGPT, thus providing empirical evidence. It highlights the importance of considering perceived risks in tourists’ intentions and contributes to the sustainable development of generative AI in tourism. As such, it provides valuable insights for practitioners and policymakers.

本研究旨在调查游客对使用ChatGPT获取旅游信息的态度和意向。此外, 通过将与ChatGPT相关的感知风险与计划行为理论（TPB）相结合, 本研究探讨了三种感知风险（隐私风险、准确性风险和过度依赖风险）对游客行为意向的影响。

本研究通过两个在线调查平台收集了536名受访者的数据。在线调查问卷评估了游客对ChatGPT使用的感知风险、态度、主观规范、感知行为控制、行为意向以及与其使用ChatGPT相关的人口统计信息。

结构方程建模分析显示, 游客对使用ChatGPT搜索旅游信息的相关风险表示关切, 特别是隐私风险、准确性风险和过度依赖风险。发现感知风险显著影响游客对使用ChatGPT的态度和意向, 与先前有关游客对ChatGPT感知风险的文献中提出的假设一致。

本研究将TPB与ChatGPT中的感知风险相结合, 提供了实证证据。它强调了在考虑游客意向时考虑感知风险的重要性, 并为旅游中生成AI的可持续发展提供了贡献。因此, 它为从业者和政策制定者提供了宝贵的见解。