Do Data Breaches Affect Our Beliefs? — Investigating Reputation Risk in Social Media
Full text | |||
Source | Journal of Information Systems Security Volume 13, Number 2 (2017)
Pages 97–116
ISSN 1551-0123 (Print)ISSN 1551-0808 (Online) |
||
Authors | Griselda Sinanaj — University of Göttingen, Germany
Frederick Beyer — University of Göttingen, Germany
|
||
Publisher | Information Institute Publishing, Washington DC, USA |
Abstract
Data and privacy breaches have turned into a constant threat for every organization and continue to increase from year to year. In research and practice, one of the fundamental problems regarding data breach incidents is the limited knowledge on their economic and organizational consequences. Several studies have shown that firms having experienced data breach events suffer substantial losses in their market value. Data breaches can also damage corporate reputation, yet this aspect is still understudied and the empirical evidence not sufficient. To fill this knowledge gap, this study investigates the impact of data breaches on social media with the scope of measuring the repercussion on reputation. As hypothesized, data breaches have an adverse impact on corporate reputation. Furthermore, we found that the impact of data breaches on reputation depends on the news media exposure of the breach incident and on the breach history of each firm. Specifically, data breach events announced through news media cause a stronger negative impact on reputation than data breach incidents not publicized in news media. In addition, companies which have already experienced in the past data breach events suffer greater reputational losses than firms who experience for the first time a data breach incident.
Keywords
Data Breaches, Corporate Reputation, Social Media, Drivers, Sentiment Analysis
References
Acquisti, A., Friedman, A., and Telang, R. (2006). Is there a cost to privacy breaches? An event study. In Proceedings of the 21st International Conference on Information Systems (ICIS), Milwaukee, Wisconsin, 1563–1580.
Barney, J. B., and Clark, D. N. (2007). Resource-based theory: Creating and sustaining competitive advantage. Oxford: Oxford University Press.
Benthaus, J., Pahlke, I., Beck, R. and Seebach, C. (2013). Improving sensing and seizing capabilities of a firm by measuring corporate reputation based on social media data. In Proceedings of the 21st European Conference on Information Systems (ECIS), Utrecht, Holland, 1-12.
Bollen, J., Mao, H., and Zeng, X. (2011). Twitter mood predicts the stock market. Journal of Computational Science, 2(1), 1-8.
Bollen, J., Mao, H., and Pepe, A. (2011a). Modeling public mood and emotion: Twitter sentiment and socio-economic phenomena. In Proceedings of the Fifth International AAAI Conference on Weblogs and Social Media (ICWSM 2011), Barcelona, 450- 453.
Cambria, E., and Hussain, A. (2012). Sentic computing: Techniques, tools, and applications (Vol. 2). Springer Science & Business Media.
Cavusoglu, H., Mishra, B., and Raghunathan, S. (2004). The effect of internet security breach announcements on market value: Capital market reactions for breached firms and internet security developers. International Journal of Electronic Commerce, 9(1), 70–104.
Cha, M., Haddadi, H., Benevenuto, F., and Gummadi, P. K. (2010). Measuring user influence in Twitter: The million follower fallacy. In Proceedings of the 4th International Conference on Weblogs and Social Media (ICWSM), Washington, 0–17.
Clardy, A. (2012). Organizational reputation: Issues in conceptualization and measurement. Corporate Reputation Review, 15(4), 285–303.
Coombs, W. T. (2004). Impact of past crises on current crisis communication: Insights from Situational Crisis Communication Theory. Journal of Business Communication, 41(3), 265–289.
Coombs, W. T. (2007). Protecting organization reputations during a crisis: The development and application of Situational Crisis Communication Theory. Corporate Reputation Review, 10(3), 163–176.
Coombs, W. T. (2007a). Attribution theory as a guide for post-crisis communication research. Public Relations Review, 33(2), 135-139.
Cowan, A. R. (1992). Nonparametric event study tests. Review of Quantitative Finance and Accounting, 2(4), 343-358.
Deloitte (2016). Cyber crisis management: Readiness, response, and recovery. https://www2.deloitte.com/global/en/pages/risk/articles/cyber-crisis-anagement.html (Last accessed on March 14th 2017).
Dijkmans, C., Kerkhof, P., Buyukcan‐Tetik, A., and Beukeboom, C. J. (2015). Online conversation and corporate reputation: A two‐wave longitudinal study on the effects of exposure to the social media activities of a highly interactive company. Journal of Computer-Mediated Communication, 20(6), 632-648.
Experian (2016). Third annual data breach industry forecast. http://www.experian.com/assets/data-breach/white-papers/2016-experian-data-breach-industry-forecast.pdf, (Last accessed on December 2nd 2016).
Floreddu, P. B., Cabiddu, F., and Evaristo, R. (2014). Inside your social media ring: How to optimize online corporate reputation. Business Horizons, 57(6), 737-745.
Fombrun, C. J., Gardberg, N. A., and Sever, J. M. (2000). The Reputation QuotientTM: A multi-stakeholder measure of corporate reputation. Journal of Brand Management, 7(4), 241–255.
Fombrun, C., and Shanley, M. (1990). What's in a name? Reputation building and corporate strategy. Academy of management Journal, 33(2), 233-258.
Fortune (2016). http://fortune.com/worlds-most-admired-companies/. (Last accessed on May 1st 2016).
Gatzlaff, K. M., and McCullough, K. A. (2010). The effect of data breaches on shareholder wealth. Risk Management and Insurance Review, 13(1), 61–83.
Goel, S., and Shawky, H. A. (2009). Estimating the market impact of security breach announcements on firm values. Information & Management, 46(7), 404–410.
Goldstein, J., Chernobai, A., and Michel Benaroch. (2011). An event study analysis of the economic impact of IT operational risk and its subcategories. Journal of the Association for Information Systems, 12(9), 606–631.
Greene, W. H. (2012). Econometric Analysis, 7th Edition, Pearson Education, Essex.
Gupta, U., and Ranganathan, N. (2007). Multievent crisis management using noncooperative multistep games. IEEE Transactions on Computers, 56(5), 577-589.
Hasan, R., and Yurcik, W. (2006). A statistical analysis of disclosed storage security breaches. In Proceedings of the second ACM workshop on storage security and survivability, 1-8.
Helm, S. (2005). Designing a formative measure for corporate reputation. Corporate Reputation Review, 8(2), 95–109.
Hovav, A., and D’Arcy, J. (2003). The impact of denial-of-service attack announcements on the market value of firms. Risk Management and Insurance Review, 6(2), 97–121.
Huang-Horowitz, N. C., and Freberg, K. (2016). Bridging organizational identity and reputation messages online: A conceptual model. Corporate Communications: An International Journal, 21(2), 195-212.
Hutton, C. (1986). America’s most admired corporations. Fortune, 113(1), 16–22.
Ishiguro, M., Tanaka, H., Matsuura, K., and Murase, I. (2006). The effect of information security incidents on corporate values in the Japanese stock market. In Proceedings of the Workshop on the Economics of Securing the Information Infrastructure (WESII), Washington, D.C.
Jones, G. H., Jones, B. H., and Little, P. (2000). Reputation as reservoir: Buffering against loss in times of economic crisis. Corporate Reputation Review, 3(1), 21–29.
Kietzmann, J. H., Hermkens, K., McCarthy, I. P., and Silvestre, B. S. (2011). Social media? Get serious! Understanding the functional building blocks of social media. Business Horizons, 54(3), 241–251.
Liu, B. (2010). Sentiment analysis: A multi-faceted problem. IEEE Intelligent Systems, 25(3), 76–80.
Nielsen, F. (2011). A new ANEW: Evaluation of a word list for sentiment analysis in microblogs. In Proceedings of the ESWC2011 Workshop on 'Making Sense of Microposts', Heraklion, Greece, 93-98.
O’Connor, B., Balasubramanyan, R., Routledge, B. R., and Smith, N. A. (2010). From tweets to polls: Linking text sentiment to public opinion series. In Proceedings of the Fourth International Conference on Weblogs and Social Media, Washington, D.C., 122–129.
Privacy Rights Clearinghouse, (2016). http://www.privacyrights.org/. (Last accessed on April 1st 2016).
Rindova, Williamson, I. O., and Petkova, A. P. (2010). Reputation as an intangible asset: Reflections on theory and methods in two empirical studies of business school reputations. Journal of Management, 36(3), 610–619.
Rindova, V. P., Williamson, I. O., Petkova, A. P., and Sever, J. M. (2005). Being good or being known: An empirical examination of the dimensions, antecedents, and consequences of organizational reputation. Academy of Management Journal, 48(6), 1033–1049.
Sánchez, J. L. F., Sotorrío, L. L., and Díez, E. B. (2012). Can corporate reputation protect companies’ values: Spanish evidence of the 2007 financial crash. Corporate Reputation Review, 15(4), 228-239.
Sarstedt, M., Wilczynski, P., and Melewar, T. C. (2013). Measuring reputation in global markets—A comparison of reputation measures’ convergent and criterion validities. Journal of World Business, 48(3), 329–339.
Schultz, F., Utz, S., and Göritz, A. (2011). Is the medium the message? Perceptions of and reactions to crisis communication via twitter, blogs and traditional media. Public Relations Review, 37(1), 20–27.
Schwaiger, M. (2004). Components and parameters of corporate reputation - An empirical study. Schmalenbach Business Review, 56(1), 46–71.
Schwartz, P. M., and Janger, E. J. (2007). Notification of data security breaches. Michigan Law Review, 105(5), 913–984.
Sinanaj, G., Muntermann, J., and Cziesla, T. (2015). How data breaches ruin firm reputation on social media! – Insights from a sentiment-based event study, in: Thomas. O.; Teuteberg, F. (Hrsg.). In Proceedings of the 12th International Conference Wirtschaftsinformatik (WI 2015), Osnabrück, 902-916.
Stevenson, R., Mikels, J., and James, T. (2007). Characterization of the affective norms for English words by discrete emotional categories. Behavior Research Methods, 39(4), 1020-1024.
Strauss, A., and Corbin, J. M. (1997). Grounded theory in practice. Sage.
Syed, R. and Dhillon, G. (2015). Dynamics of data breaches in online social networks: Understanding threats to organizational information security reputation. In Proceedings of the 36th International Conference on Information Systems (ICIS), Fort Worth, Texas.
Tetlock, P. C. (2007). Giving content to investor sentiment: The role of media in the stock market. The Journal of Finance, 62(3), 1139-1168.
Tetlock, P.C., Saar-tsechansky, M., and Macskassy, S. (2008). More than words: Quantifying language to measure firms’ fundamentals. The Journal of Finance. 63(3), 1437–1467.
Thelwall, M., Buckley, K., and Paltoglou, G. (2012). Sentiment strength detection for the social web. Journal of the American Society for Information Science and Technology, 63(1), 163-173.
Thelwall, M., Buckley, K., Paltoglou, G., Cai, D., and Kappas, A. (2010). Sentiment strength detection in short informal text. Journal of the American Society for Information Science and Technology, 61(12), 2544-2558.
Twitter Dev, (2015). The Search API. https://dev.twitter.com/rest/public/search. (Last accessed on April 27th 2016).
Walker, K. (2010). A systematic review of the corporate reputation literature: Definition, measurement, and theory. Corporate Reputation Review, 12(4), 357–387.
Walsh, G., and Beatty, S. E. (2007). Measuring customer-based corporate reputation: Scale development, validation, and application. Journal of the Academy of Marketing Science, 35(1), 127–143.
Yayla, A. A. and Hu, Q. (2011). The impact of information security events on the stock value of firms: The effect of contingency factors. Journal of Information Technology, 26(1), 60–77.