The More, the Better? Compensation and Remorse as Data Breach Recovery Actions – An Experimental Scenario-based Investigation

Abstract: With the increasing number of companies actively collecting data, the number of data breaches has exploded. It can be observed that affected often discontinue their relationship with the company. In order to avoid this kind of response, companies should develop and deploy their own recovery strategies. In our paper, we examined the effectiveness of different recovery strategies geared towards retaining customer satisfaction immediately after a data breach. We examine a data breach of a fitness tracker that var… Show more

“…In addition to the theoretical contribution, the identified results help companies optimize their strategies for future company communication regarding data security and to adapt them in a way that ensures the best possible results even in case of a data breach. While Goode et al [23], Greve et al [25], and Masuch et al [26] found that recovery actions can mitigate the generalized negativity effect of a data breach, this paper focuses specifically on how customers can be influenced in the run-up to a data breach not to perceive the negativity as strongly. As already mentioned, data protection violations can have fatal consequences for the affected companies.…”

“…In particular, research focuses on how the different actions of response strategies after a data breach affect satisfaction [23]. Studies examine hypotheses on the effects of compensation and remorse on crucial customer outcomes after a major data breach and the resulting efforts to rebuild the service [23], [25], [26]. One longitudinal analysis of the phenomenon is conducted, starting from the fact that customers were first made aware of a breach until the compensation associated with the breach was paid [23].…”

“…On the other hand, it is also investigated in a direct context, and the recovery action follows shortly after the consumers have been notified of the data breach. It is also investigated whether the severity of a data breach causes different expectations regarding the recovery strategies [25], [26]. Overall, the studies show that the ECT explains the perception of service quality and the intention to purchase again and trust the company.…”

“…There are a few studies that test recovery actions to increase satisfaction after a data breach (e.g., [23][24]). For example, it has been identified that recovery actions such as compensation are always very effective, and customer satisfaction increases [23], [25], [26]. However, not only the recovery actions are considered in isolation, it can be shown that there is an impact on satisfaction with the recovery actions expected and whether those actions are received.…”

Fitness First or Safety First? Examining Adverse Consequences of Privacy Seals in the Event of a Data Breach.

“…In addition to the theoretical contribution, the identified results help companies optimize their strategies for future company communication regarding data security and to adapt them in a way that ensures the best possible results even in case of a data breach. While Goode et al [23], Greve et al [25], and Masuch et al [26] found that recovery actions can mitigate the generalized negativity effect of a data breach, this paper focuses specifically on how customers can be influenced in the run-up to a data breach not to perceive the negativity as strongly. As already mentioned, data protection violations can have fatal consequences for the affected companies.…”

“…In particular, research focuses on how the different actions of response strategies after a data breach affect satisfaction [23]. Studies examine hypotheses on the effects of compensation and remorse on crucial customer outcomes after a major data breach and the resulting efforts to rebuild the service [23], [25], [26]. One longitudinal analysis of the phenomenon is conducted, starting from the fact that customers were first made aware of a breach until the compensation associated with the breach was paid [23].…”

“…On the other hand, it is also investigated in a direct context, and the recovery action follows shortly after the consumers have been notified of the data breach. It is also investigated whether the severity of a data breach causes different expectations regarding the recovery strategies [25], [26]. Overall, the studies show that the ECT explains the perception of service quality and the intention to purchase again and trust the company.…”

“…There are a few studies that test recovery actions to increase satisfaction after a data breach (e.g., [23][24]). For example, it has been identified that recovery actions such as compensation are always very effective, and customer satisfaction increases [23], [25], [26]. However, not only the recovery actions are considered in isolation, it can be shown that there is an impact on satisfaction with the recovery actions expected and whether those actions are received.…”

Fitness First or Safety First? Examining Adverse Consequences of Privacy Seals in the Event of a Data Breach.

“…Although basic notification templates are available from a variety of sources [e.g., 12,13,14], no widely accepted format has yet been established and the nature of communications can vary widely [3,15]. Recent work on the topic has begun to investigate the relationships between the individual choices made by organizations (e.g., offering compensation or apologizing) and how these choices can impact customers [e.g., 16,17] and investors [e.g. , 18].…”

Show-and-Tell or Hide-and-Seek? Examining Organizational Cybersecurity Incident Notifications

Apologize or justify? Examining the impact of data breach response actions on stock value of affected companies?