Abstract
Evidence shows that, in the aftermath of cyberattacks, organizations usually accept responsibility for having failed to protect stakeholders’ data more effectively. While this strategy is reasonable in many circumstances, research suggests that it would be unsuitable in situations where the data breach is caused exclusively by criminal actors, what scholars refer to as a “victim crisis.” We argue that, in this type of situations, organizations can apologize while claiming victimhood. We present a model of moderated mediation explaining the persuasiveness of this strategy as a response to cyberattacks. In five experiments, we show that an apology claiming victimhood outperforms an apology accepting or rejecting responsibility. However, claiming victimhood is effective only when evidence of harm is provided and when the organization cannot be construed as being partly responsible for the attack. Furthermore, claiming victimhood is more effective if the focal organization is perceived as virtuous and the cybercriminal as very competent. The study contributes to the literature on service failure and recovery by offering the first account of how claims of victimhood can be deployed effectively. Furthermore, the study raises important managerial implications by proposing a novel communication strategy that can be deployed in the aftermath of cyberattacks.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callSimilar Papers
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
