Paper Type
ERF
Abstract
Given the magnitude of security incidents, organizations typically put into place security measures. Nonetheless, data breaches still occur, leading to substantial negative consequences for customer users and organizations. While breached organizations will often reach out to the impacted customers to notify them of the incident and recommend protective measures, many users do not embrace those recommendations. As a result, the impacts become more dire. In this emergent research forum (ERF) paper, we build upon the information systems (IS) literature to put forth a theoretical framework that distinguishes between different taxa of inaction – unawareness, deliberate ignorance, and impotence. We propose a model to test specific antecedents for each taxon. This work paves the way for future research and informs the development of targeted post-breach communications.
Paper Number
1523
Recommended Citation
Falahati, Arman; Lapointe, Liette; and Rivard, Suzanne, "Investigating User Inaction in Post-Breach Situations" (2025). AMCIS 2025 Proceedings. 25.
https://aisel.aisnet.org/amcis2025/sig_sec/sig_sec/25
Investigating User Inaction in Post-Breach Situations
Given the magnitude of security incidents, organizations typically put into place security measures. Nonetheless, data breaches still occur, leading to substantial negative consequences for customer users and organizations. While breached organizations will often reach out to the impacted customers to notify them of the incident and recommend protective measures, many users do not embrace those recommendations. As a result, the impacts become more dire. In this emergent research forum (ERF) paper, we build upon the information systems (IS) literature to put forth a theoretical framework that distinguishes between different taxa of inaction – unawareness, deliberate ignorance, and impotence. We propose a model to test specific antecedents for each taxon. This work paves the way for future research and informs the development of targeted post-breach communications.
When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.
Comments
SIGSEC