AN EMPIRICAL INVESTIGATION OF COMPANY RESPONSE TO DATA BREACHES
成果类型:
Article
署名作者:
Nikkhah, Hamid Reza; Grover, Varun
署名单位:
Bentley University; University of Arkansas System; University of Arkansas Fayetteville
刊物名称:
MIS QUARTERLY
ISSN/ISSBN:
0276-7783
DOI:
10.25300/MISQ/2022/16609
发表日期:
2022
页码:
2163-2196
关键词:
corporate social-responsibility
information-systems
customer satisfaction
factorial surveys
service failures
strategies
CRISIS
COMPENSATION
RECOVERY
IMPACT
摘要:
Companies may face serious adverse consequences as a result of a data breach event. To repair the potential damage to relationships with stakeholders after data breaches, companies adopt a variety of response strategies. However, the effects of these response strategies on the behavior of stakeholders after a data breach are unclear; differences in response times may also affect these outcomes, depending on the notification laws that apply to each company. As part of a multimethod study, we first identified the adopted response strategies in Study 1 based on content analysis of the response letters issued by publicly traded U.S. companies (n = 204) following data breaches; these strategies include any combination of the following: corrective action, apology, and compensation. We also found that breached companies may remain silent and adopt a no action strategy. In Studies 2 and 3, we examined the effects of various response strategies and response times on the predominant stakeholders affected by data breaches: customers and investors. In Study 2, we focused on customers and present a moderated-moderated-mediation model based on the expectancy violation theory. To test this model, we designed a factorial survey with 15 different conditions (n = 811). In Study 3, we focused on investors and conducted an event study (n = 166) to examine their reactions to company responses to data breaches. The results indicate the presence of moderating effects of certain response strategies; surprisingly, we did not find compensation to be more effective than apology. The magnitude of the moderating effects of response strategies is contingent upon response time. We also found that the negative effects of data breaches disappear after six months. We interpret the results and provide implications for research and practice.
来源URL: