Consumer security behaviors and trust following a data breach
ISSN: 0268-6902
Article publication date: 24 April 2018
Issue publication date: 6 June 2018
Abstract
Purpose
The purpose of this study was to determine how security statement certainty (overconfident, underconfident and realistic) and behavioral intentions of potential consumers impact the perceptions of companies in the presence or absence of a past security breach.
Design/methodology/approach
The study exposed participants to three types of security statements and randomly assigned them to the presence or absence of a previous breach. Participants then evaluated the company and generated a hypothetical password for that company.
Findings
This study found that the presence or absence of a previous breach had a large impact on company perceptions, but a minimal impact on behavioral intentions to be personally more secure.
Research limitations/implications
The authors found that the presence or absence of a previous breach had a large impact on company perceptions, but minimal impact on behavioral intentions to be personally more secure.
Practical implications
Companies need to be cautious about how much confidence they convey to consumers. Companies should not rely on consumers engaging in secure online practices, even following a breach.
Social implications
Companies need to communicate personal security behaviors to consumers in a way that still instills confidence in the company but encourages personal responsibility.
Originality/value
The confidence of company security statements and presence of a previous breach were examined for their impact on company perception and a novel dependent variable of password complexity.
Keywords
Citation
Curtis, S.R., Carre, J.R. and Jones, D.N. (2018), "Consumer security behaviors and trust following a data breach", Managerial Auditing Journal, Vol. 33 No. 4, pp. 425-435. https://doi.org/10.1108/MAJ-11-2017-1692
Publisher
:Emerald Publishing Limited
Copyright © 2018, Emerald Publishing Limited