It pays to be forthcoming: timing of data breach announcement, trust violation, and trust restoration

Abstract

PurposeThis research examines the relationship between the timeliness in announcing the discovery of a data breach and consumer trust in an e-commerce company, as well as later trust-rebuilding efforts taken by the company to compensate users impacted by the breach.Design/methodology/approachA survey experiment was used to examine the effect of both trust-reducing events (announced data breaches) and trust-enhancing events (provision of identity theft protection and credit monitoring) on consumer trust. The timeliness of the breach announcement by an e-commerce company was manipulated between two randomly assigned groups of subjects; one group viewed an announcement of the breach immediately upon its discovery, and the other viewed an announcement made two months after the breach was discovered. Consumer trust was measured before the breach, after the breach was announced, and finally, after the announcement of data protection.FindingsThe results suggest that companies that delay a data breach announcement are likely to suffer a larger drop in consumer trust than those that immediately disclose the data breach. The results also suggest that trust can be repaired by providing data protection. However, even after providing identity theft protection and credit monitoring, companies that fail to promptly disclose a breach have lower repaired trust than companies that promptly disclose.Originality/valueThis study contributes to the literature on e-commerce trust by examining how a company's forthrightness in reporting a data breach impacts user trust at the time of the disclosure of the data breach and after subsequent efforts to repair trust.