Purpose
The purpose of this paper is to understand consumer reactions to security breaches and the best approach for companies to minimize the reputational damage that is done.
Design/methodology/approach
The authors assessed trust in a company following a data breach as well as perceptions of individual and corporate responsibility for data security and also measured individual personality.
Findings
The authors found that individuals held companies more responsible for protecting private data and held companies even more responsible following a data breach. Further, perception of responsibility for a data breach significantly affected individuals’ response to a company’s attempt to rebuild trust. Finally, participant personality impacted perceptions of responsibility and trust in a company after a data breach.
Research limitations/implications
Companies are held more responsible for protecting private data than are individuals. Thus, violation of this expectation insofar as a data breach may result in a psychological contract breach which explains reductions in trust in a company which has experienced a data breach. Further, the effect of company’s responses to a data breach depends on individuals’ perception of responsibility and personality. Thus, the best course of action following a data breach may vary across customers.
Practical implications
Companies should consider differences in customer perceptions when responding to a data breach.
Social implications
Individuals differ in how responsible they feel a company is for data security. Further, those differences impact reactions to data breach responses from companies.
Originality/value
This paper explored personality as it impacts perceptions of corporate responsibility in data security. Further, the authors explore the role of perception of responsibility to determine the role of psychological contract breach in reduced trust after data breach.
Purpose
The purpose of this study was to determine how security statement certainty (overconfident, underconfident and realistic) and behavioral intentions of potential consumers impact the perceptions of companies in the presence or absence of a past security breach.
Design/methodology/approach
The study exposed participants to three types of security statements and randomly assigned them to the presence or absence of a previous breach. Participants then evaluated the company and generated a hypothetical password for that company.
Findings
This study found that the presence or absence of a previous breach had a large impact on company perceptions, but a minimal impact on behavioral intentions to be personally more secure.
Research limitations/implications
The authors found that the presence or absence of a previous breach had a large impact on company perceptions, but minimal impact on behavioral intentions to be personally more secure.
Practical implications
Companies need to be cautious about how much confidence they convey to consumers. Companies should not rely on consumers engaging in secure online practices, even following a breach.
Social implications
Companies need to communicate personal security behaviors to consumers in a way that still instills confidence in the company but encourages personal responsibility.
Originality/value
The confidence of company security statements and presence of a previous breach were examined for their impact on company perception and a novel dependent variable of password complexity.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.