Security Breaches and Organization Response Strategy: Exploring Consumers’ Threat and Coping Appraisals

Abstract

We address a long-standing lacuna in the Information Management literature on the relationships among security breaches, organization response strategy as well as consumers’ threat and coping appraisal. Security breaches can involve the leak of sensitive data, and potentially lead to negative consumer reactions. It is, thus, timely and critical to theorize and empirically investigate the ways in which organization can respond effectively to security breaches and how consumers’ threat and coping appraisals vary according to the different response strategies. Our study addresses this lacuna by developing a conceptual model of i) security breach, ii) organization response strategies, and iii) consumer appraisal, grounded on the risk theory and protection motivation theory. We use the principal and agent perspectives to portray the breached organization as the agent providing the coping strategy, and consumers as the principal actors who evaluate the strategy. We incorporated a vignette-based survey to test the model with empirical data. We identify that the variations in the response strategy of organization after a security breach can lead to significantly different consumers’ reactions. We discuss the implications of our findings for theory and practice and delineate an agenda for future research.