The Effect of Perceived Warning Message Characteristics on Coping Responses in Data Breach Scenarios

Date

2018

Authors

Talebi, Nasim

Journal Title

Journal ISSN

Volume Title

Publisher

Abstract

Data breaches are becoming more frequent as many companies rely on digital ways of interaction with their customers as well as digital payment methods, which makes them an attractive target for cyber-criminals. As a consequence of increasing efforts by these cyber-criminals to target company databases, major security breaches can be observed that result in both financial and non-financial losses like customer trust and loyalty. A business sector heavily relying on customer trust is the hospitality industry. On 18 April 2017, 1000 of Intercontinental Hotels Group (IHG) hotels were affected by a security breach, leading to sensitive customer data being compromised. In order to minimize the legal and reputational consequences of this data breach, IHG circulated several messages informing affected parties of the breach. This is common practice among companies experiencing data breaches. Although companies rely on customers protecting themselves as a result of receiving such warning messages, customers often simply do not engage in taking protective action. Prior security literature suggests several possible reasons for this, such as a lack of perceived efficacy to effectively deal with the threat. However, the role of warning message characteristics, such as cognitive and affective characteristics and the tone of the message has thus far not been investigated in the security domain. In the current study, we investigate the effects of those perceived warning message characteristics in the context of the IHG data breach. We draw on prominent theoretical models from the security domain and expand a collection of their main constructs with perceived warning message characteristics. In a survey-based study among 252 U.S. respondents from a broad demographic base who have stayed at an IHG affiliated company, thus being an at-risk population for the effect of the data breach, we investigate how perceived message characteristics are related to coping behaviors of individuals. In addition, data was collected among 182 individuals who have not stayed at any IHG affiliated brands during the breach time span. Results indicate that companies can focus on negative message tone of warning messages and use detailed descriptions of the threats.

Description

This item is available only to currently enrolled UTSA students, faculty or staff. To download, navigate to Log In in the top right-hand corner of this screen, then select Log in with my UTSA ID.

Keywords

Communication, Cyber Security, Data Breach, Message Characteristics

Citation

Department

Information Systems and Cyber Security