Abstract
PurposeData breaches are an increasing phenomenon in today's digital society. Despite the preparations an organization must take to prevent a data breach, it is still necessary to develop strategies in the event of a data breach. This paper explores the key recovery areas necessary for data breach recovery.Design/methodology/approachStakeholder theory and three recovery areas (customer, employee and process recovery) are proposed as necessary theoretical lens to study data breach recovery. Three data breach cases (Anthem, Equifax, and Citrix) were presented to provide merit to the argument of the proposed theoretical foundations of stakeholder theory and recovery areas for data breach recovery research.FindingsInsights from these cases reveal four areas of recovery are necessary for data breach recovery – customer recovery, employee recovery, process recovery and regulatory recovery.Originality/valueThese areas are presented in the data recovery areas model and are necessary for: (1) organizations to focus on these areas when resolving data breaches and (2) future data breach recovery researchers in developing their research in the field.
Highlights
IntroductionThe Identity Theft Resource Center (ITRC) reported approximately 1,108 data breaches in the year of 2020 (ITRC, 2020)
Data breaches are a common phenomenon in today’s digital age
This paper proposed the implementation of stakeholder theory in combination with the service failure recovery areas as a theoretical lens to identify the necessary recovery areas needed for an organization to sustain itself following a data breach
Summary
The Identity Theft Resource Center (ITRC) reported approximately 1,108 data breaches in the year of 2020 (ITRC, 2020). Despite this number being a decrease by 19% from 2019, data breaches incur financial costs, along with additional negative outcomes such as the unfavorable reputation a company suffers from its clients and the public, post-breach. Organizations often face adversity with consumer relations, as many consumers may lose confidence in the organization’s ability to protect information. An organization that suffers a data breach may compromise the organization’s ability to operate in a competitive manner due to cases of regulatory compliance investigations, or compromise of other salient information assets necessary for an organization to operate optimally
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
