Paper Number
ICIS2025-2049
Paper Type
Short
Abstract
This study investigates the effectiveness of data breach response strategies through the lens of Situational Crisis Communication Theory (SCCT). We focus on how organizational responses (corrective action, compensation, and apology) and contextual factors (temporal distance and notification) influence customer continuance intention after a data breach. To test these effects, we conducted a vignette-based factorial survey experiment with 422 participants, where breach-response scenarios were systematically varied to capture the impact of different strategies under controlled conditions. The findings indicate that corrective action, compensation, and notification significantly enhance customer continuance intention, whereas apologies and temporal distance show no significant effect. By extending SCCT to the domain of data privacy incidents, this study highlights the unique dynamics of customer reactions to information security crises. The results provide both theoretical insights and practical guidance for organizations on how to design effective communication strategies following data breaches.
Recommended Citation
Li, Meng (Leah); Avik, Suranjeet Chowdhury; Warkentin, Merrill; Lancelot-Miltgen, Caroline; and Breazeale, Michael, "Understanding Effective Data Breach Response Strategies through the Lens of the Situational Crisis Communication Theory" (2025). ICIS 2025 Proceedings. 12.
https://aisel.aisnet.org/icis2025/cyb_security/cyb_security/12
Understanding Effective Data Breach Response Strategies through the Lens of the Situational Crisis Communication Theory
This study investigates the effectiveness of data breach response strategies through the lens of Situational Crisis Communication Theory (SCCT). We focus on how organizational responses (corrective action, compensation, and apology) and contextual factors (temporal distance and notification) influence customer continuance intention after a data breach. To test these effects, we conducted a vignette-based factorial survey experiment with 422 participants, where breach-response scenarios were systematically varied to capture the impact of different strategies under controlled conditions. The findings indicate that corrective action, compensation, and notification significantly enhance customer continuance intention, whereas apologies and temporal distance show no significant effect. By extending SCCT to the domain of data privacy incidents, this study highlights the unique dynamics of customer reactions to information security crises. The results provide both theoretical insights and practical guidance for organizations on how to design effective communication strategies following data breaches.
When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.
Comments
09-Cybersecurity