Do You Still Trust?

Recently, data breaches, especially insider data breaches, have become increasingly common. However, there is a limited amount of research on the factors associated with the decrease in users' trust in response to these events. In this study, social role theory and socioemotional selectivity theory are applied to understand the role of age (younger and older), biological (male and female) and cultural (masculinity and femininity) gender, and the four dimensions of privacy concern-collection, secondary use, unauthorized access, and error-on initial trust and the corresponding decrease in trust associated with the three trust beliefs of ability, benevolence, and integrity. A scenario-based approach is used to focus on a case study of an insider breach. The findings also provide helpful insights into the comparative roles of trust builders (e.g., reputation and design) and trust crashers (e.g., privacy concerns) in the process of trust building and trust decrease in different demographics (e.g., older and younger, males and females) for overall trust and trusting beliefs. Theoretical, managerial, and social implications are discussed.

DATA BREACHES AND DIGITALISATION

The report provides an overview of the importance and benefits of examining personal data breaches in the context of a global trend such as digitalisation. Regardless of the extremely negative consequences that security breaches have, both for the individuals whose data are affected and for the data controllers / processors, data breaches are valuable sources of information.

Work ethic and information security behavior

Purpose Information security is a growing issue that impacts organizations in virtually all industries, and data breaches impact millions of customers and cost organizations millions of dollars. Within the past several years alone, huge data breaches have been experienced by organizations such as Marriot, Equifax, eBay, JP Morgan Chase, Home Depot, Target and Yahoo, the latter of which impacted three billion users. This study aims to examine the utilization of pre-employment screening to identify potential hires that may require enhanced information security training to avoid such costs. Design/methodology/approach The authors hypothesize that an individual’s work ethic predicts a person’s information security behavior. The authors test this hypothesis using structural equation modeling with bootstrapping techniques. Findings Data analysis suggests that certain dimensions of work ethic do indeed predict information security posture, and thus, simple pre-employment screening techniques (i.e. questionnaires) can aid in identifying potential security threats. Practical implications The findings provide a tool for identifying problematic employee security posture prior to hiring, which may be useful in identifying training needs for new hires. Originality/value The findings provide a tool for identifying problematic employee security posture prior to hiring, which may be useful in identifying training needs for new hires.

What to do after a data breach? Examining apology and compensation as response strategies for health service providers

Innovative IT-enabled health services promise tremendous benefits for customers and service providers alike. Simultaneously, health services by nature process sensitive customer information, and data breaches have become an everyday phenomenon. The challenge that health service providers face is to find effective recovery strategies after data breaches to retain customer trust and loyalty. We theorize and investigate how two widely applied recovery actions (namely apology and compensation) affect customer reactions after a data breach in the specific context of fitness trackers. Drawing on expectation confirmation theory, we argue that the recovery actions derived from practice, apology, and compensation address the assimilation-contrast model’s tolerance range and, thus, always lead to satisfaction with the recovery strategy, which positively influences customers’ behavior. We employ an experimental investigation and collect data from fitness tracker users during a running event. In the end, we found substantial support for our research model. Health service providers should determine specific customer expectations and align their data breach recovery strategies accordingly.