Paper Number
ECIS2025-1297
Paper Type
CRP
Abstract
The occurrence of data breaches continues to increase in frequency and severity. Organizations have a pressing need for solid crisis communication strategies that address stakeholder concerns to protect their reputation and financial performance. While past research has examined a subset of specific response strategies, the full spectrum of strategies—and their concurrent use—remain unknown. This research fills this gap by analyzing 7,941 U.S. breach disclosures through a Situational Crisis Communication Theory perspective using computational topic modeling. Eighteen combinations of response strategies were identified. Firms adopt a layered approach, combining compensation and victimage with apologies, justification, and excuses to acknowledge harm while framing themselves as victims of sophisticated attacks. The limited use of denial strategies suggests a preference for maintaining trust and transparency. This study offers a detailed empirical foundation for understanding how firms communicate in response to data breaches. Practitioners can leverage these insights to strengthen stakeholder relations and minimize damage, while researchers are encouraged to explore the impact of combined response strategies in diverse breach contexts.
Recommended Citation
Jechle, Deinera; Schuetz, Sebastian; and Gewald, Heiko, "Decoding Data Breach Response Strategies: Insights from Situational Crisis Communication Theory using Topic Modeling" (2025). ECIS 2025 Proceedings. 2.
https://aisel.aisnet.org/ecis2025/security/security/2
Decoding Data Breach Response Strategies: Insights from Situational Crisis Communication Theory using Topic Modeling
The occurrence of data breaches continues to increase in frequency and severity. Organizations have a pressing need for solid crisis communication strategies that address stakeholder concerns to protect their reputation and financial performance. While past research has examined a subset of specific response strategies, the full spectrum of strategies—and their concurrent use—remain unknown. This research fills this gap by analyzing 7,941 U.S. breach disclosures through a Situational Crisis Communication Theory perspective using computational topic modeling. Eighteen combinations of response strategies were identified. Firms adopt a layered approach, combining compensation and victimage with apologies, justification, and excuses to acknowledge harm while framing themselves as victims of sophisticated attacks. The limited use of denial strategies suggests a preference for maintaining trust and transparency. This study offers a detailed empirical foundation for understanding how firms communicate in response to data breaches. Practitioners can leverage these insights to strengthen stakeholder relations and minimize damage, while researchers are encouraged to explore the impact of combined response strategies in diverse breach contexts.
When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.