skip to main content
article

Data Breaches: An Empirical Study of the Effect of Monitoring Services

Published: 16 November 2022 Publication History

Abstract

Recent events have shown that online booking is vulnerable to hacking incidents such as data breaches. The primary purpose of this study is to investigate the effect of the risky decision-making factors on consumer post breach behavior. After a data breach, most of the companies offer monitoring services to restore customer trust and encourage them for future purchases. However, little research has been done to understand the impact of these monitoring services on consumer behavior. In this study, we examine whether monitoring services can mitigate the impact of risk perception on online booking. We utilized the Marriott data breach of November 2018 as the context. We manipulate data breach severity in our vignettes. The research model was tested using data gathered from 298 Mechanical Turk respondents. Our vignette-based survey design allowed us to incorporate situational details thought to be important in risky decision-making in a data breach context. We found strong support for our research model including the positive moderating effect of company suggested monitoring on online booking intention. The findings of this study could help firms in developing more influential post-breach monitoring services.

References

[1]
Acquisti, A., Friedman, A., & Telang, R. (2006). Is there a cost to privacy breaches? An event study. In Proceedings of International Conference on Information Systems (ICIS), 94.
[2]
Aivazpour, Z., & Beebe, N. (2018). Cyberbullying: Investigating the Roles of Power and Communication Medium. In Proceedings of American Conference on Information Systems (AMCIS). New Orleans, LA.
[3]
Akanfe, O., Valecha, R., & Rao, H. R. (2020). Assessing country-level privacy risk for digital payment systems. Computers & Security, 99, 102065.
[4]
Bachura, E., Valecha, R., Chen, R., & Rao, H. R. (2017). Data breaches and the individual: An exploratory study of the OPM hack. In Proceedings of International Conference on Information Systems (ICIS). Seoul, South Korea.
[5]
Bachura, E., Valecha, R., Chen, R., & Rao, R. H. (2017). Modeling public response to data breaches. In Proceedings of American Conference on Information Systems (AMCIS). Boston, MA.
[6]
Berezina, K., Cobanoglu, C., Miller, B. L., & Kwansa, F. A. (2012). The impact of information security breach on hotel guest perception of service quality, satisfaction, revisit intentions and word-of-mouth. International Journal of Contemporary Hospitality Management, 24(7), 991--1010.
[7]
Cavusoglu, H., Mishra, B., & Raghunathan, S. (2004). The effect of internet security breach announcements on market value: Capital market reactions for breached firms and internet security developers. International Journal of Electronic Commerce, 9(1), 70--104.
[8]
Chakraborty, R., Lee, J., Bagchi-Sen, S., Upadhyaya, S., & Rao, H. R. (2016). Online shopping intention in the context of data breach in online retail stores: An examination of older and younger adults. Decision Support Systems, 83, 47--56.
[9]
Chen, R., Rao, H. R., & Valecha, R. (2016). Response to the office of personnel management data breaches: A conceptual exploration. In Proceedings of American Conference on Information Systems (AMCIS), San Diego, CA.
[10]
Chin, W. W. (1998). The partial least squares approach to structural equation modeling. Modern methods for business research, 295(2), 295--336.
[11]
Chiu, C. M., Chang, C. C., Cheng, H. L., & Fang, Y. H. (2009). Determinants of customer repurchase intention in online shopping. Online Information Review.
[12]
Cismaru, M., Cismaru, R., Ono, T., & Nelson, K. (2011). "Act on climate change": An application of protection motivation theory. Social Marketing Quarterly, 17(3), 62--84.
[13]
Cobanoglu, C. & DeMicco, F.J. (2007). To be secure or not to be: isn't this the question? A critical look at hotels' network security, International Journal of Hospitality & Tourism Administration, 8 (1), 43--59.
[14]
Crossler, R. E. (2010, January). Protection motivation theory: Understanding determinants to backing up personal data. In 2010 43rd Hawaii International Conference on System Sciences (1--10). IEEE.
[15]
Dickinger, A., & Mazanec, J. (2008). Consumers' preferred criteria for hotel online booking. Information and Communication Technologies in Tourism, 244--254.
[16]
Dubé, L., & Renaghan, L. M. (2000). Creating visible customer value: How customers view best-practice champions. Cornell Hotel and Restaurant Administration Quarterly, 41(1), 62--72.
[17]
Floyd, D. L., Prentice?Dunn, S., & Rogers, R. W. (2000). A metaanalysis of research on protection motivation theory. Journal of Applied Social Psychology, 30(2), 407--429.
[18]
Fornell, C. & Larcker, D.F. (1981). Evaluating structural equation models with unobservable variables and measurement error. Journal of Marketing Research, 18(1), 39--50.
[19]
Fornell, C., & Bookstein, F.L. (1982). Two structural equation models: LISREL and PLS applied to consumer exit-voice theory. Journal of Marketing Research, 19(4), 440--452.
[20]
Garg, A., Curtis, J., & Halper, H. (2003). Quantifying the financial impact of IT security breaches. Information Management & Computer Security, 11(2), 74--83.
[21]
Gatzlaff, K. M., & McCullough, K. A. (2010). The effect of data breaches on shareholder wealth. Risk Management and Insurance Review, 13(1), 61--83.
[22]
Gelbrich, K. (2010). Anger, frustration, and helplessness after service failure: coping strategies and effective informational support. Journal of the Academy of Marketing Science, 38(5), 567--585.
[23]
Goode, S., Hoehle, H., Venkatesh, V., & Brown, S. A. (2017). User compensation as a data breach recovery action: An investigation of the Sony PlayStation network breach. MIS Quarterly, 41(3).
[24]
Grothmann, T., & Reusswig, F. (2006). People at risk of flooding: Why some residents take precautionary action while others do not. Natural Hazards, 38(1), 101--120.
[25]
IRTC. (2016). Data Breaches. In: Identity Theft Resource Center. San Diego, CA.
[26]
Ives, B., Walsh, K. R., & Schneider, H. (2004). The domino effect of password reuse. Communications of the ACM, 47(4), 75--78.
[27]
Janakiraman, R., Lim, J. H., & Rishika, R. (2018). The effect of a data breach announcement on customer behavior: Evidence from a multichannel retailer. Journal of Marketing, 82(2), 85--105.
[28]
Jarvenpaa, S. L., Tractinsky, N., & Vitale, M. (2000). Consumer trust in an Internet store. Information Technology and Management, 1(1--2), 45--71.
[29]
Kahneman, D., & Miller, D. T. (1986). Norm theory: Comparing reality to its alternatives. Psychological Review, 93(2), 136.
[30]
Kahneman, D., & Tversky, A. (1979). On the interpretation of intuitive probability: A reply to Jonathan Cohen.
[31]
Kahneman, D., & Tversky, A. (1986). Rational choice and the framing of decisions. Journal of Business, 59(4), 251--278.
[32]
Keil, M., Wallace, L., Turk, D., Dixon-Randall, G., & Nulden, U. (2000). An investigation of risk perception and risk propensity on the decision to continue a software development project. Journal of Systems and Software, 53(2), 145--157.
[33]
Khalifa, M., & Limayem, M. (2003). Drivers of Internet shopping. Communications of the ACM, 46(12), 233--239.
[34]
Kim, D. J., Ferrin, D. L., & Rao, H. R. (2009). Trust and satisfaction, two stepping stones for successful e-commerce relationships: A longitudinal exploration. Information Systems Research, 20(2), 237--257.
[35]
Kim, Y., & Peterson, R. A. (2017). A Meta-analysis of online trust relationships in E-commerce. Journal of Interactive Marketing, 38, 44--54.
[36]
Kisekka, Victoria, Sharmistha Bagchi-Sen, &H. Raghav Rao. (2013). Extent of private information disclosure on online social networks: An exploration of Facebook mobile phone users. Computers in Human Behavior, 29 (6): 2722--2729.
[37]
Lauder, W. (2002). Factorial survey methods: A valuable but under-utilized research method in nursing research?. NT Research, 7(1), 35--43.
[38]
Lee, E., & Lee, B. (2012). Herding behavior in online P2P lending: An empirical investigation. Electronic Commerce Research and Applications, 11(5), 495--503.
[39]
Leidner, D. E. (2020). What's in a contribution?. Journal of the Association for Information Systems, 21(1), 2.
[40]
Lien, C. H., Wen, M. J., Huang, L. C., & Wu, K. L. (2015). Online hotel booking: The effects of brand image, price, trust and value on purchase intentions. Asia Pacific Management Review, 20(4), 210--218.
[41]
Lindell, M. K., & Perry, R. W. (2000). Household adjustment to earthquake hazard: A review of research. Environment and Behavior, 32(4), 461--501.
[42]
low probability catastrophic events. The Columbia Journal of World Business, 22, 13--21.
[43]
Malhotra, A., & Kubowicz Malhotra, C. (2011). Evaluating customer information breaches as service failures: An event study approach. Journal of Service Research, 14(1), 44--59.
[44]
Malhotra, N. K., Kim, S. S., & Patil, A. (2006). Common method variance in IS research: A comparison of alternative approaches and a reanalysis of past research. Management Science, 52(12), 1865--1883.
[45]
Mark, N. C. (2000). International macroeconomics and finance theory and empirical methods.
[46]
Martin, W. E., Martin, I. M., & Kent, B. (2009). The role of risk perceptions in the risk mitigation process: the case of wildfire in high risk communities. Journal of Environmental Management, 91(2), 489--498.
[47]
Mattila, A. S., & Patterson, P. G. (2004). The impact of culture on consumers' perceptions of service recovery efforts. Journal of Retailing, 80(3), 196--206.
[48]
Sorensen, J. H., & Mileti, D. S. (1987). Decision making uncertainties in emergency warning system organizations. International Journal of Mass Emergencies and Disasters, 5(1), 33--61.
[49]
Nunnally, J.C. (1978). Psychometric Theory, 2nd ed. New York: McGraw-Hill.
[50]
Park, I., Sharman, R., & Rao, H. R. (2015). Disaster experience and hospital information systems: An examination of perceived information assurance, risk, resilience, and his usefulness. Journal of Consumer Research, 12(4), 382--405.
[51]
Pavlou, P. A. (2003). Consumer acceptance of electronic commerce: Integrating trust and risk with the technology acceptance model. International Journal of Electronic Commerce, 7(3), 101--134.
[52]
Podsakoff, P. M., MacKenzie, S. B., Lee, J. Y., & Podsakoff, N. P. (2003). Common method biases in behavioral research: A critical review of the literature and recommended remedies. Journal of Applied Psychology, 88(5), 879.
[53]
Ponemon Institute.(2015). 2014: A Year of Mega Breaches.
[54]
Rao, H. R., Vemprala, N., Akello, P., & Valecha, R. (2020). Retweets of officials' alarming vs reassuring messages during the COVID-19 pandemic: Implications for crisis management. International Journal of Information Management, 55, 102187.
[55]
Rogers, R. W. (1975). A protection motivation theory of fear appeals and attitude change1. The Journal of Psychology, 91(1), 93--114.
[56]
Romanosky, S., Telang, R., & Acquisti, A. (2011). Do data breach disclosure laws reduce identity theft?. Journal of Policy Analysis and Management, 30(2), 256--286.
[57]
Sheeran, P., Gollwitzer, P. M., & Bargh, J. A. (2013). Nonconscious processes and health. Health Psychology, 32(5), 460.
[58]
Simmering, M. J., Fuller, C. M., Richardson, H. A., Ocal, Y., & Atinc, G. M. (2015). Marker variable choice, reporting, and interpretation in the detection of common method variance: A review and demonstration. Organizational Research Methods, 18(3), 473--511.
[59]
Siponen, M., & Vance, A. (2010). Neutralization: new insights into the problem of employee information systems security policy violations. MIS Quarterly, 487--502.
[60]
Sitkin, S. B., & Pablo, A. L. (1992). Reconceptualizing the determinants of risk behavior. Academy of Management Review, 17(1), 9--38.
[61]
Sitkin, S. B., & Weingart, L. R. (1995). Determinants of risky decision-making behavior: A test of the mediating role of risk perceptions and propensity. Academy of Management Journal, 38(6), 1573--1592.
[62]
Slovic, P. (1987). Perception of risk. Science, 236(4799), 280--285.
[63]
Spanos, G., & Angelis, L. (2016). The impact of information security events to the stock market: A systematic literature review. Computers & Security, 58, 216--229.
[64]
Sparks, B. A., & Browning, V. (2011). The impact of online reviews on hotel booking intentions and perception of trust. Tourism Management, 32(6), 1310--1323.
[65]
Stiennon, R. (2013). Categorizing data breach severity with a breach level index. URL: https://breachlevelindex. com/pdf/Breach-Level-Index-WP.
[66]
Valecha, R., Bachura, E., Chen, R., & Rao, H. R. (2016, December). An exploration of public reaction to the OPM data breach notifications. In Workshop on E-Business (185--191). Springer, Cham.
[67]
Wallander, L. (2009). 25 years of factorial surveys in sociology: A review. Social science research, 38(3), 505--520.
[68]
Weber, E. U., Blais, A. R., & Betz, N. E. (2002). A domain'specific risk?attitude scale: Measuring risk perceptions and risk behaviors. Journal of Behavioral Decision Making, 15(4), 263--290.
[69]
Williams, C. A. (1966). Attitudes toward speculative risks as an indicator of attitudes toward pure risks. The Journal of Risk and Insurance, 33(4), 577--586.
[70]
Williams, Lynn, et al. (2015). Protection motivation theory and social distancing behavior in response to a simulated infectious disease epidemic. Psychology, Health & Medicine, 20(7), 832--837.
[71]
Wu, L., Chiu, M. L., & Chen, K. W. (2020). Defining the determinants of online impulse buying through a shopping process of integrating perceived risk, expectation-confirmation model, and flow theory issues. International Journal of Information Management, 52, 102099.
[72]
Ye, Q., Law, R., & Gu, B. (2009). The impact of online user reviews on hotel room sales. International Journal of Hospitality Management, 28(1), 180--182.

Cited By

View all
  • (2024)Data Security and Privacy in the Age of AI and Digital TwinsDigital Twin Technology and AI Implementations in Future-Focused Businesses10.4018/979-8-3693-1818-8.ch008(99-124)Online publication date: 4-Jan-2024
  • (2024)CQUPT-HDS: Health Big Data Security Monitoring Scheme for the Whole Life Cycle2024 IEEE International Conference on Medical Artificial Intelligence (MedAI)10.1109/MedAI62885.2024.00069(476-481)Online publication date: 15-Nov-2024
  • (2024)A Comprehensive Survey: Evaluating the Efficiency of Artificial Intelligence and Machine Learning Techniques on Cyber Security SolutionsIEEE Access10.1109/ACCESS.2024.335554712(12229-12256)Online publication date: 2024
  • Show More Cited By

Index Terms

  1. Data Breaches: An Empirical Study of the Effect of Monitoring Services

    Recommendations

    Comments

    Information & Contributors

    Information

    Published In

    cover image ACM SIGMIS Database: the DATABASE for Advances in Information Systems
    ACM SIGMIS Database: the DATABASE for Advances in Information Systems  Volume 53, Issue 4
    November 2022
    87 pages
    ISSN:0095-0033
    EISSN:1532-0936
    DOI:10.1145/3571823
    Issue’s Table of Contents
    Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 16 November 2022
    Published in SIGMIS Volume 53, Issue 4

    Check for updates

    Author Tags

    1. breach severity
    2. data breach
    3. monitoring services
    4. online booking, risk perception

    Qualifiers

    • Article

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • Downloads (Last 12 months)321
    • Downloads (Last 6 weeks)6
    Reflects downloads up to 17 Feb 2025

    Other Metrics

    Citations

    Cited By

    View all
    • (2024)Data Security and Privacy in the Age of AI and Digital TwinsDigital Twin Technology and AI Implementations in Future-Focused Businesses10.4018/979-8-3693-1818-8.ch008(99-124)Online publication date: 4-Jan-2024
    • (2024)CQUPT-HDS: Health Big Data Security Monitoring Scheme for the Whole Life Cycle2024 IEEE International Conference on Medical Artificial Intelligence (MedAI)10.1109/MedAI62885.2024.00069(476-481)Online publication date: 15-Nov-2024
    • (2024)A Comprehensive Survey: Evaluating the Efficiency of Artificial Intelligence and Machine Learning Techniques on Cyber Security SolutionsIEEE Access10.1109/ACCESS.2024.335554712(12229-12256)Online publication date: 2024
    • (2024)Digital Innovation of Cloud Computing in AmazonAdvanced Manufacturing and Automation XIII10.1007/978-981-97-0665-5_53(407-412)Online publication date: 25-Feb-2024

    View Options

    Login options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Figures

    Tables

    Media

    Share

    Share

    Share this Publication link

    Share on social media