Consumer security behaviors and trust following a data breach

Abstract

PurposeThe purpose of this study was to determine how security statement certainty (overconfident, underconfident and realistic) and behavioral intentions of potential consumers impact the perceptions of companies in the presence or absence of a past security breach.Design/methodology/approachThe study exposed participants to three types of security statements and randomly assigned them to the presence or absence of a previous breach. Participants then evaluated the company and generated a hypothetical password for that company.FindingsThis study found that the presence or absence of a previous breach had a large impact on company perceptions, but a minimal impact on behavioral intentions to be personally more secure.Research limitations/implicationsThe authors found that the presence or absence of a previous breach had a large impact on company perceptions, but minimal impact on behavioral intentions to be personally more secure.Practical implicationsCompanies need to be cautious about how much confidence they convey to consumers. Companies should not rely on consumers engaging in secure online practices, even following a breach.Social implicationsCompanies need to communicate personal security behaviors to consumers in a way that still instills confidence in the company but encourages personal responsibility.Originality/valueThe confidence of company security statements and presence of a previous breach were examined for their impact on company perception and a novel dependent variable of password complexity.