Abstract
Privacy and security incidents represent a serious threat for a company’s business success. While previous research in this area mainly investigated second-order effects (e.g., capital market reactions to privacy or security incidents), this study focuses on first-order effects, that is, the direct consumer reaction. In a laboratory experiment, the authors distinguish between the impact of privacy violations and security breaches on the subjects’ trust and behavior. They provide evidence for the so-called “privacy paradox” which describes that people’s intentions, with regard to privacy, differ from their actual behavior. While privacy is of prime importance for building trust, the actual behavior is affected less and customers value security higher when it comes to actual decision making. According to the results, consumers’ privacy related intention-behavior gap persists after the privacy breach occurred.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Notes
Allianz Global Investors (2010).
References
Ackerman M (2004) Privacy in pervasive environments: next generation labeling protocols. Personal and Ubiquitous Computing 8(6):430–439
Acquisti A, Friedman A, Telang R (2006) Is there a cost to privacy breaches? An event study. In: Proc 27th international conference on information systems, Milwaukee
Andoh-Baidoo FK, Amoako-Gyampah K, Osei-Bryson KM (2010) How Internet security breaches harm market value. IEEE Security and Privacy 8(1):36–42
Barber BM, Odean T (2001) Boys will be boys: gender, overconfidence, and common stock investment. Quarterly Journal of Economics 116(1):261–292
Belanger F, Hiller JS, Smith WJ (2002) Trustworthiness in electronic commerce: the role of privacy, security, and site attributes. Journal of Strategic Information Systems 11(3-4):245–270
Bellman S, Johnson EJ, Kobrin SJ, Lohse GL (2004) International differences in information privacy concerns: a global survey of consumers. Information Society 20(5):313–324
Berendt B, Günther O, Spiekermann S (2005) Privacy in e-commerce: stated preferences vs. actual behavior. Communications of the ACM 48(4):101–106
Berg J, Dickhaut J, McCabe K (1995) Trust, reciprocity, and social history. Games and Economic Behavior 10(1):122–142
Bhattacherjee A (2002) Individual trust in online firms: scale development and initial test. Journal of Management Information Systems 19(1):211–241
Bilton N, Stelter B (2011) Sony says PlayStation hacker got personal data. http://www.nytimes.com/2011/04/27/technology/27playstation.html?_r=0. Accessed 2013-09-23
Bolle F (1998) Rewarding trust: an experimental study. Theory and Decision 45(1):83–98
Buchan NR, Croson RTA, Solnick S (2008) Trust and gender: an examination of behavior and beliefs in the investment game. Journal of Economic Behavior & Organization 68:466–476
Campbell JY, Lo AW, MacKinlay AC (1997) The econometrics of financial markets. Princeton University Press, Princeton
Cavusoglu H, Mishra B, Raghunathan S (2004) The effect of Internet security breach announcements on market value: capital market reactions for breached firms and Internet security developers. International Journal of Electronic Commerce 9(1):69–104
Childers TL, Houston MJ (1984) Conditions for a picture-superiority effect on consumer memory. Journal of Consumer Research 11(2):643–654
Cho H, Rivera-Sánchez M, Lim SS (2009) A multinational study on online privacy: global concerns and local responses. New Media & Society 11(3):395–416
Cohn RA, Lewellen WG, Lease RC, Schlarbaum GG (1975) Individual investor risk aversion and investment portfolio composition. Journal of Finance 30(2):605–620
Culnan MJ (1993) How did they get my name? An exploratory investigation of consumer attitudes toward secondary information use. MIS Quarterly 17(3):341–364
Culnan MJ, Armstrong PK (1999) Information privacy concerns, procedural fairness, and impersonal trust: an empirical investigation. Organization Science 10(1):104–115
Culnan MJ, Williams CC (2009) How ethics can enhance organizational privacy: lessons from the choice point and TJX data breaches. MIS Quarterly 33(4):673–687
De Bondt WFM, Thaler R (1985) Does the stock market overreact? Journal of Finance 40(3):793–805
Dinev T, Bellotto M, Hart P, Russo V, Serra I, Colautti C (2006) Internet users’ privacy concerns and beliefs about government surveillance: an exploratory study of differences between Italy and the United States. Journal of Global Information Management 14:4:57–93
Dommeyer CJ, Gross BL (2003) What consumers know and what they do: an investigation of consumer knowledge, awareness, and use of protection strategies. Journal of Interactive Marketing 17(2):34–51
Eastlick MA, Lotz SL, Warrington P (2006) Understanding online B-to-C relationships: an integrated model of privacy concerns, trust, and commitment. Journal of Business Research 59(8):877–886
Forsythe R, Horowitz JL, Savin NE, Sefton M (1994) Fairness in simple bargaining experiments. Games and Economic Behavior 6(3):347–369
Foxman ER, Kilcoyne P (1993) Information technology, marketing practice, and consumer privacy: ethical issues. Journal of Public Policy & Marketing 12(1):106–119
Ganesan S (1994) Determinants of long-term orientation in buyer-seller relationships. Journal of Marketing 58(2):1–19
Gefen D (2000) E-commerce: the role of familiarity and trust. Omega 28(6):725–737
Gefen D, Karahanna E, Straub DW (2003) Trust and TAM in online shopping: an integrated model. MIS Quarterly 27(1):51–90
Gilbert JA, Tang TLP (1998) An examination of organizational trust antecedents. Public Personnel Management 27(3):321–338
Goodwin C (1991) Privacy: recognition of a consumer right. Journal of Public Policy & Marketing 10(1):149–166
Gorn GJ (1982) The effects of music in advertising on choice behavior: a classical conditioning approach. Journal of Marketing 46:94–101
Granovetter M (1985) Economic action and social structure: a theory of embeddedness. American Journal of Sociology 91(3):481–510
Greenaway KE, Chan YE (2005) Theoretical explanations for firms’ information privacy behavior. Journal of the Association for Information Systems 6(6):171–198
Hinz O, Hann IH, Spann M (2011) Price discrimination in e-commerce? An examination of dynamic pricing in name-your-own-price markets. MIS Quarterly 35(1):81–98
Hosmer LT (1995) Trust: the connecting link between organizational theory and philosophical ethics. Academy of Management Review 20(2):379–403
John LK, Acquisti A, Loewenstein G (2011) Strangers on a plane: context-dependent willingness to divulge sensitive information. Journal of Consumer Research 37(5):858–873
Johnson EJ, Tversky A (1983) Affect, generalization, and the perception of risk. Journal of Personality and Social Psychology 45(1):20–31
Kalakota R, Whinston AB (1996) Frontiers of electronic commerce. Addison-Wesley, Reading
Kee HW, Knox RE (1970) Conceptual and methodological considerations in the study of trust and suspicion. Journal of Conflict Resolution 14(3):357–366
Kelly H (2013) Twitter hacked; 250,000 accounts affected. http://edition.cnn.com/2013/02/01/tech/social-media/twitter-hacked/index.html. Accessed 2013-09-23
Kim DJ, Ferrin DL, Raghav Rao H (2008) A trust-based consumer decision-making model in electronic commerce: the role of trust, perceived risk, and their antecedents. Decision Support Systems 44(2):544–564
Liu C, Marchewka JT, Lu J, Yu C (2005) Beyond concern – a privacy-trust-behavioral intention model of electronic commerce. Information & Management 42(1):289–304
Luo X, Li H, Zhang J, Shim JP (2010) Examining multi-dimensional trust and multi-faceted risk in initial acceptance of emerging technologies: an empirical study of mobile banking services. Decision Support Systems 49(2):222–234
MacKinlay AC (1997) Event studies in economics and finance. Journal of Economic Literature 35(1):13–39
Mayer RC, Davis JH, Schoorman FD (1995) An integrative model of organizational trust. Academy of Management Review 20(3):709–734
McKnight DH, Chervany NL (2001–2002) What trust means in e-commerce customer relationships: an interdisciplinary conceptual typology. International Journal of Electronic Commerce 6(2):35–59
McKnight DH, Cummings LL, Chervany NL (1998) Initial trust formation in new organizational relationships. Academy of Management Review 23(3):473–490
McKnight DH, Choudhury V, Kacmar C (2002) The impact of initial consumer trust on intentions to transact with a web site: a trust building model. Journal of Strategic Information Systems 11(3–4):297–323
Milberg SJ, Burke SJ, Smith HJ, Kallman EA (1995) Values, personal information, privacy and regulatory approaches. Communications of the ACM 38(12):65–74
Milberg SJ, Smith HJ, Burke SJ (2000) Information privacy: corporate management and national regulation. Organization Science 11(1):35–57
Milne GR, Boza ME (1999) Trust and concern in consumers’ perceptions of marketing information management practices. Journal of Interactive Marketing 13(1):5–24
Morales L (2011) Google and Facebook users skew young, affluent, and educated. http://www.gallup.com/poll/146159/facebook-google-users-skew-young-affluent-educated.aspx. Accessed 2013-09-23
Norberg PA, Horne DR, Horne AA (2007) The privacy paradox: personal information disclosure intentions versus behaviors. The Journal of Consumer Affairs 41(1):100–126
Pavlou PA, Gefen D (2004) Building effective online marketplaces with institution-based trust. Information Systems Research 15(1):37–59
Phelps J (2000) Privacy concerns and consumer willingness to provide personal information. Journal of Public Policy & Marketing 19(1):27–41
Prosser WL (1960) Privacy. California Law Review 48(3):383–423
Rotter JB (1971) Generalized expectancies for interpersonal trust. American Psychologist 26(5):443–452
Rousseau DM, Sitkin SB, Burt RS, Camerer C (1998) Not so different after all: a cross-discipline view of trust. Academy of Management Review 23(3):393–404
Schwartz N, Clore GL (1983) Mood, misattribution, and judgments of well-being: informative and directive functions of affective states. Journal of Personality and Social Psychology 45(3):513–523
Silveira V (2012) Taking steps to protect our members. http://blog.linkedin.com/2012/06/07/taking-steps-to-protect-our-members/. Accessed: 2013-09-23
Singh T, Hill ME (2003) Consumer privacy and the Internet in Europe: a view from Germany. Journal of Consumer Marketing 20(7):634–651
Smith HJ, Milberg SJ, Burke SJ (1996) Information privacy: measuring individuals’ concerns about organizational practices. MIS Quarterly 20(2):167–196
Smith HJ, Dinev T, Xu H (2011) Information privacy research: an interdisciplinary review. MIS Quarterly 35(4):989–1015
Solove DJ (2006) A taxonomy of privacy. University of Pennsylvania Law Review 154(3):477–560
Spiekermann S, Grossklags J, Berendt B (2001) E-privacy in second generation e-commerce: privacy preferences versus actual behavior. In: Proc 3rd ACM conference on electronic commerce, New York
Statman M (1999) Behavioral finance: past battle and future engagements. Financial Analysts Journal 55(6):18–27
Straub DW, Collins RW (1990) Key information liability issues facing managers: software piracy, proprietary databases, and individual rights to privacy. MIS Quarterly 14(2):143–156
Suh B, Han I (2003) The impact of customer trust and perception of security control on the acceptance of electronic commerce. International Journal of Electronic Commerce 7(3):135–161
Tsai J, Egelman S, Cranor L, Acquisti A (2011) The effect of online privacy information on purchasing behavior: an experimental study. Information Systems Research 22(2):254–268
Westin A (1967) Privacy and freedom. Atheneum Books, New York
Woodman RW, Ganster DC, Adams J, McCuddy MK, Tolchinsky PD, Fromkin H (1982) A survey of employee perceptions of information privacy in organizations. Academy of Management Journal 25(3):647–663
Yoon E, Guffey HJ, Kijewski V (1993) The effects of information and company reputation on intentions to buy a business service. Journal of Business Research 27(3):215–228
Zellner A (1962) An efficient method of estimating seemingly unrelated regressions and tests for aggregation bias. Journal of the American Statistical Association 57(298):348–368
Author information
Authors and Affiliations
Corresponding author
Additional information
Accepted after one revision by Prof. Dr. Karagiannis.
This article is also available in German in print and via http://www.wirtschaftsinformatik.de: Nofer M, Hinz O, Muntermann J, Roßnagel H (2014) Der ökonomische Einfluss von Privacyverletzungen und Securityvorfällen. Ein Laborexperiment. WIRTSCHAFTSINFORMATIK. doi: 10.1007/s11576-014-0440-4.
Electronic Supplementary Material
Below is the link to the electronic supplementary material.
Rights and permissions
About this article
Cite this article
Nofer, M., Hinz, O., Muntermann, J. et al. The Economic Impact of Privacy Violations and Security Breaches. Bus Inf Syst Eng 6, 339–348 (2014). https://doi.org/10.1007/s12599-014-0351-3
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12599-014-0351-3