Abstract
This research examines the responses of online customers to a publicized information security incident and develops a model of retreative behaviors triggered by such a security incident. The model is empirically tested using survey data from 192 users of a recently compromised website. The results of the data analyses suggest that an information security incident can cause a measurable negative impact on customer behaviors, although the impact seems to be largely limited to that particular website. The tested model of retreative behaviors indicates that perceived damage and availability of alternative shopping sources can significantly increase retreative behaviors of victimized customers, while perceived relative usefulness and ease-of-use of the website show limited effects in reducing such behaviors.
Similar content being viewed by others
Notes
www.auction.co.kr: A subsidiary of e-bay since 2001. For more information about major Internet shopping sites in Korean, refer to http://www.redherring.com/Home/17139
In this paper, an alternative vendor can be any online or offline store where an Auction customer can acquire an equivalent level of services/products. This is different from an alternative decision option (e.g., decision to do nothing, stay with Auction but provide false info, switch to another online vendor, go offline)
The sum of all outcome probabilities in a decision option may not be one. Refer to Tversky and Kahneman (1992) for more details about assumptions and model specifications in different decision theories.
Portal (Naver), social network (CyWorld), shopping mall (Auction, GMarket, InterPark), webmail (Gmail, Hotmail) sites
Odd vs. even number cases when the entire responses from Auction members are listed in the response order.
References
Ajzen, I. (1991). The theory of planned behavior. Organizational Behavior and Human Decision Processes, 50(2), 179–211.
Antony, S., Lin, Z., & Xu, B. (2006). Determinants of escrow service adoption in consumer-to-consumer online auction market: an experimental study. Decision Support Systems, 42(3), 1889.
Bansal, H. S., & Taylor, S. F. (1999). The service provider switching model(SPSM): a model of consumer switching behavior in the services industry. Journal of Service Research, 2, 200–218.
Barua, A., Konana, P., Whinston, A. B., & Yin, F. (2004). An empirical investigation of net-enabled business value. MIS Quarterly, 28(4), 585–620.
Berendt, B., Gunther, O., & Spiekermann, S. (2005). Privacy in e-commerce: stated preference vs. actual behavior. Communications of the ACM, 48(4), 101–106.
Bhattacherjee, A. (2001). Understanding information systems continuance: an expectation-confirmation model. MIS Quarterly, 25(3), 351–370.
Biswas, D., & Biswas, A. (2004). The diagnostic role of signals in the context of perceived risks in online shopping: do signals matter more on the Web? Journal of Interactive Marketing, 18(3), 30.
Brown, M., & Muchira, R. (2004). Investigating the relationship between internet privacy concerns and online purchase behavior. Journal of Electronic Commerce Research, 5(1), 62–70.
Chau, P. Y. K., Hu, P. J.-H., Lee, B. L. P., & Au, A. K. K. (2007). Examining customers' trust in online vendors and their dropout decisions: an empirical study. Electronic Commerce Research and Applications, 6(2), 171.
Chen, P.-Y., & Hitt, L. M. (2002). Measuring switching costs and the determinants of customers retention in Internet-enabled businesses: a study of the online brokerage industry. Information Systems Research, 13(3), 255.
Cho, V. (2006). A study of the roles of trusts and risks in information-oriented online legal services using an integrated model. Information & Management, 43(4), 502.
Coleman, J. S. (1990). Foundations of social theory. Cambridge: Harvard University Press.
Cook, T. D., & Campbell, D. T. (1979). Quasi-experimentation: Design and analysis issues for field settings. Boston: Houghton Mifflin Company.
Cox, D. F., & Rich, S. V. (1964). Perceived risk and consumer decision making—the case of telephone shopping. Journal of Market Research, 1, 32–40.
Devaraj, S., Fan, M., & Kohli, R. (2006a). Examination of online channel preference: using the structure-conduct-outcome framework. Decision Support Systems, 42(2), 1089.
Devaraj, S., Fan, M., & Kohli, R. (2006b). Examination of online channel preference: using the structure-conduct-outcome framework*. Decision Support Systems, 42(2), 1089.
Dhami, S., & al-Nowaihi, A. (2007). Why do people pay taxes? Prospect theory versus expected utility theory. Journal of Economic Behavior & Organization, 64, 171–192.
Dinev, T., & Hart, P. (2006). Privacy concerns and levels of information exchange: an empirical investigation of intended e-services use. E - Service Journal, 4(3), 25.
Dowling, G. R., & Staelin, R. (1994). A model of perceived risk and intended risk-handling activity. The Journal of Consumer Research, 12(1), 119–134.
Eastlick, M. A., Lotz, S. L., & Warrington, P. (2006). Understanding online B-to-C relationships: an integrated model of privacy concerns, trust, and commitment. Journal of Business Research, 59(8), 877.
Forsythe, S. M., & Shi, B. (2003). Consumer patronage and risk perceptions in Internet shopping. Journal of Business Research, 56(11), 867.
Ganesh, J., Arnold, M. J., & Reynolds, K. E. (2000). Understanding the customer base of service providers: an examination of the differences between switchers and stayers. Journal of Marketing, 64, 65–87.
Gefen, D., Benbasat, I., & Pavlou, P. A. (2008). A research agenda for trust in online environments. Journal of Management Information Systems, 24(4), 275–286.
Hart, P., & Saunders, C. (1997). Power and trust: critical factors in the adoption and use of electronic data interchange. Organization Science, 8(1), 23–42.
Haubl, G., & Trifts, V. (2000). Consumer decision making in online shopping environments: the effects of interactive decision aids. Marketing Science, 19(1), 4–21.
Huang, W-y, Schrank, H., & Dubinsky, A. J. (2004). Effect of brand name on consumers' risk perceptions of online shopping. Journal of Consumer Behaviour, 4(1), 40.
Igbaria, M., Zinatelli, N., Cragg, P., & Cavaye, A. L. M. (1997). Personal computing acceptance factors in small firms: a structural equation model. MIS Quarterly, 21(3), 279–305.
Jacoby, J., & Kaplan, L. B. (1972). The components of perceived risk. Paper presented at the Third Annual Conference of the Association for Consumer Research.
Jarvenpaa, S. L., Tractinsky, N., & Vitale, M. (2000). Consumer trust in an internet store. Information Technology and Management, 1, 45–71.
Jones, M. A., Motherbaugh, D. L., & Beatty, S. E. (2000). Switching barriers and repurchase intentions in services. Journal of retailing, 76(2), 259–274.
Kahneman, D., & Tversky, A. (1979). Prospect theory: an analysis of decision under risk. Econometrica, 47(2), 263–291.
Karimi, J., Somers, T. M., & Bhattacherjee, A. (2007). The role of information systems resources in ERP capability building and business process outcomes. Journal of Management Information Systems, 24(2), 221–260.
Kaufman-Scarborough, C., & Lindquist, J. D. (2002). E-shopping in a multiple channel environment. Journal of Consumer Marketing, 19(4), 333–350.
Keaveney, S. M., & Parthasarathy, M. (2001). Customer switching behavior in online services: an exploratory study of the role of selected attitudinal, behavioral, and demographic factors. Journal of Academy of Marketing Science, 29(4), 374.
Khalifa, M., & Liu, V. (2007). Online consumer retention: contingent effects of online shopping habit and online shopping experience. European Journal of Information Systems, 16(6), 780.
Kim, D. J., Steinhield, C., & Lai, Y.-J. (2008). Revisiting the role of web assurance seals in business-to-consumer electronic; ommerce. Decision Support Systems, 44(4), 1000.
Kohli, R., Devaraj, S., & Mahmood, M. A. (2004). Understanding determinants of online consumer satisfaction: a decision process perspective. Journal of Management Information Systems, 21(1), 115.
Lee, J., & Rao, H. R. (2007). Perceived risks, counter-beliefs, and intentions to use anti-/counter-terrorism websites: an exploratory study of government-citizens online interactions in a turbulent environment. Decision Support Systems, 43(4), 1431–1449.
Li, D., Browne, G. J., & Wetherbe, J. C. (2007). Online consumers' switching behavior: a buyer-seller relationship perspective. Journal of Electronic Commerce in Organizations, 5(1), 30.
Lim, K. H., Sia, C. L., Lee, M. K. O., & Benbasat, I. (2006). Do i trust you online, and if so, will i buy? An empirical study of two trust-building strategies. Journal of Management Information Systems, 23(2), 233–266.
Lopez-Nicolas, C., & Molina-Castillo, F. J. (2008). Customer knowledge management and E-commerce: the role of customer perceived risk. International Journal of Information Management, 28(2), 102.
Mathieson, K. (1991). Predicting user intentions: comparing the technology acceptance model with the theory of planned behavior. Information Systems Research, 2(3), 173–191.
Mayer, R. C., Davis, J. H., & Schoorman, F. D. (1995). An integration model of organizational trust. Academy of Management Review, 20(3), 709–734.
McClelland, V. (1987). Mixed signals breed mistrust. Personnel-Journal, 66(3), 24–27.
McKnight, D. H., Cummings, L. L., & Chervany, N. L. (1998). Initial trust formation in new organizational relationships. Academy of Management. The Academy of Management Review, 23(3), 473–490.
McKnight, D. H., Choudhury, V., & Kacmar, C. (2002). Developing and validating trust measures for e-commerce: an integrative typology. Information Systems Research, 13(3), 334–359.
McKnight, D. H., Charles, J. K., & Choudhury, V. (2004). Shifting factors and the ineffectiveness of third party assurance seals: a two-stage model of initial trust in a web business. Electronic Markets, 14(3), 252.
Moreno, K., Kida, T., & Smith, J. F. (2002). The impact of affective reactions on risky decision making in accounting contexts. Journal of Accounting Research, 40, 5.
Murphy, P. E., & Enis, B. M. (1986). Classifying products strategically. Journal of Marketing, 50(3), 24–42.
Oliver, R. L. (1980). A cognitive model for the antecedents and consequences of satisfaction. Journal of Marketing Research, 17, 460–469.
Pan, Y., & Zinkhan, G. M. (2006). Exploring the impact of online privacy disclosures on consumer trust. Journal of Retailing, 82(4), 331.
Park, C.-H., & Kim, Y.-G. (2003). Identifying key factors affecting consumer purchase behavior in an online shopping context. International Journal of Retail & Distribution Management, 31(1), 16.
Parthasarathy, M., & Bhattacherjee, A. (1998). Understanding post-adoption behavior in the context of online services. Information Systems Research, 9(4), 362–379.
Pavlou, P. A., Liang, H., & Xue, Y. (2007). Understanding and mitigating uncertainty in online exchange relationships: a principal-agent perspective. MIS Quarterly, 31(1), 105.
Podsakoff, P. M. (1986). Self-reports in organizational research: problems and prospects. [No]. Journal of Management, 12(4), 531–544.
Politzer, G., & Carles, L. (2001). Belief revision and uncertain reasoning. Thinking and Reasoning, 7(3), 217–234.
Rechardson, R. (2007). CSI survey 2007: The 12th annual computer crime and security survey. http://gocsi.com/forms/csi_survey.jhtml: Computer Security Institute.
Savage, L. J. (1954). The foundations of statistics. New York: Wiley.
Spiekermann, S., & Paraschiv, C. (2002). Motivating human-agent interaction: transferring insights from behavioral marketing to interface design. Electronic Commerce Research, 2(3), 255–285.
Stem, D. E., Jr., Lamb, C. W., Jr., & MacLachlan, D. L. (1977). Perceived risk: a synthesis. European Journal of Marketing, 11(4), 312.
Straub, D. W., & Welke, R. J. (1998). Coping with systems risk: security planning models for management decision making. MIS Quarterly, 22(4), 441–469.
Taylor, S., & Todd, P. A. (1995). Understanding information technology usage: a test of competing models. Information Systems Research, 6(2), 144–176.
Thatcher, J. B., & Perrewe, P. L. (2002). An empirical examination of individual traits as antecendents to computer anxiety and computer self-efficacy. MIS Quarterly, 26(4), 381–397.
Tsai, H.-T., & Huang, H.-C. (2007). Determinants of e-repurchase intentions: an integrative model of quadruple retention drivers. Information & Management, 44(3), 231.
Tversky, A. (1972). Elimination by aspects: a theory of choice. Psychological Review, 79, 281–299.
Tversky, A., & Kahneman, D. (1986). Rational choice and the framing of decisions. The Journal of Business (1986-1998), 59(4), IIS251.
Tversky, A., & Kahneman, D. (1992). Advances in prospect theory: cumulative representation of uncertainty. Journal of Risk and Uncertainty, 5(4), 297–323.
Tversky, A., Slovic, P., & Kahneman, D. (1990). The causes of preference reversal. The American Economic Review, 80(1), 204.
Venkatesh, V., & Agarwal, R. (2006). Turning visitors into customers: a usability-centric perspective on purchase behavior in electronic channels. Management Science, 52(3), 367.
Venkatesh, V., Morris, M. G., Davis, G. B., & Davis, F. D. (2003). User acceptance of information technology: toward a unified view. MIS Quarterly, 27(3), 425–478.
Wu, J.-H., & Wang, S.-C. (2005). What drives mobile commerce? An empirical evaluation of the revised technology acceptance model. Information & Management, 42, 719–729.
Xia, Y., Ahmed, Z. U., Stone, S., Wei, C. S., Eng, C. L., & Lian, H. L. (2008). Determinants of consumers' perceptions and attitudes towards assurance seals for internet marketing: an Asia Pacific marketing perspective. International Journal of Internet Marketing and Advertising, 4(2/3), 156.
Xie, E., Teo, H.-H., & Wan, W. (2006). Volunteering personal information on the internet: effects of reputation, privacy notices, and rewards on online consumer behavior. Marketing Letters, 17(1), 61.
Yang, B., & Lester, D. (2008). Reflections on rational choice—the existence of systematic irrationality. The Journal of Socio-Economics, 37, 1218–1233.
Zahedi, F. M., & Song, J. (2008). Dynamics of trust revision: using health infomediaries. Journal of Management Information Systems, 24(4), 225–248.
Zhang, H. (2005). Trust-promoting seals in electronic markets: impact on online shopping decisions. Journal of Information Technology Theory and Application, 6(4), 29.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Lee, M., Lee, J. The impact of information security failure on customer behaviors: A study on a large-scale hacking incident on the internet. Inf Syst Front 14, 375–393 (2012). https://doi.org/10.1007/s10796-010-9253-1
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10796-010-9253-1