The benefits of a cyber-resilience posture on negative public reaction following data theft

Research shows that customers are insufficiently motivated to protect themselves from crimes that may derive from data theft within an organisation. Instead, the burden of security is placed upon the businesses that host their personal information. Companies that fail to sufficiently secure their cu...

Full description

Saved in:  
Bibliographic Details
Authors: Toma, Traian (Author) ; Décary-Hétu, David (Author) ; Dupont, Benoît (Author)
Format: Electronic Article
Language:English
Published: 2023
In: Journal of criminology
Year: 2023, Volume: 56, Issue: 4, Pages: 470-493
Online Access: Volltext (kostenfrei)
Journals Online & Print:
Drawer...
Check availability: HBZ Gateway
Keywords:
crisis communication
cyber-resilience
Cybersecurity
data breach
ideal victim
Reputation
Risk Management
social reaction
Victim blaming
Vignettes
Description
Summary:Research shows that customers are insufficiently motivated to protect themselves from crimes that may derive from data theft within an organisation. Instead, the burden of security is placed upon the businesses that host their personal information. Companies that fail to sufficiently secure their customers? information thus risk experiencing potentially ruinous reputational harm. There is a relative dearth of research examining why some businesses that have been breached stay resilient in the face of negative public reaction while others do not. To bridge this knowledge gap, this study tackles the concept of cyber-resilience, defined as the ability to limit, endure, and eventually bounce back from the impact of a cyber incident. A vignette-based experimental study was conducted and featured: (1) a breached business described as having a strong cyber-resilience posture; (2) a breached business described as having a weak cyber-resilience posture. Overall, a convenience sample of 605 students in Canada were randomly assigned to one of the two main experimental conditions. The results show that a strong cyber-resilience posture reduces negative customer attitudes and promotes positive customer behavioral intentions, in comparison to a weak cyber-resilience posture. Similarly, the more negative attitudes a customer holds toward a breached business, the less likely they are to behave favorably toward it. As a result of this study, cyber-resilience, which has hitherto primarily received conceptual attention, gains explanatory power. Furthermore, this research project contributes more generally to business victimology, which is an underdeveloped field of criminology.
ISSN:2633-8084
DOI:10.1177/26338076231161898