Research: Standard Response in Data Breach May Not Be Best

People whose personal information has been exposed may distrust the response of the organization where the data breach occurred if it looks like the response is too generous. In fact, two researchers from the University of Arkansas suggested, throwing money at a data breach may make the fallout worse.

Viswanath Venkatesh, a professor of information systems in the college of business, and Hartmut Hoehle, assistant professor of information systems, specifically examined two compensation strategies used by retailer Target after a data breach a year ago that affected 70 million customers. In the study the researchers collected 338 responses from affected individuals who participated in two surveys — one given immediately after the breach was publicized; and the second given after Target began its customer response efforts.

The surveys specifically asked respondents about their experiences and expectations for compensation, based on questions that examined their future shopping intentions, word of mouth and online complaints.

Free credit monitoring for a period — a typical response offered by breached organizations — was viewed as "overcompensation" for the damage done. Customers reacted more favorably to the retail chain's offer of a 10 percent discount on purchases.

As the researchers noted in a statement, the discount approach better fit what customers perceived justice should look like and had a more positive effect on their sentiment regarding the company.

"Overcompensated customers may feel that the breached organization is not transparent and respectful in its interaction with customers, which leads to low perceptions of justice and poor sentiment," said Venkatesh.

The researchers said they've developed a model that organizations can use to respond to data breaches for managing customer outcomes.

"Our findings demonstrate that firms should carefully consider response strategies and associated investments to a large-scale data breach," noted Venkatesh. "Despite the high costs of compensating all customers, managers may be tempted to solve the problem by 'throwing money at it' due to pressure from dissatisfied customers, widespread media attention and competitors' reactions to previous data breaches. Our findings emphasize that such a strategy may in fact be problematic."

The study has been submitted for publication and is currently under review.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • glowing digital brain above a chessboard with data charts and flowcharts

    Why AI Strategy Matters (and Why Not Having One Is Risky)

    If your institution hasn't started developing an AI strategy, you are likely putting yourself and your stakeholders at risk, particularly when it comes to ethical use, responsible pedagogical and data practices, and innovative exploration.

  • laptop screen with a video play icon, surrounded by parts of notebooks, pens, and a water bottle on a student desk

    New AI Tool Generates Video Explanations Based on Course Materials

    AI-powered studying and learning platform Studyfetch has launched Imagine Explainers, a new video creator that utilizes artificial intelligence to generate 10- to 60-minute explainer videos for any topic.

  • cloud and circuit patterns with AI stamp

    Cloud Management Startup Launches Infrastructure Intelligence Tool

    A new AI-powered infrastructure intelligence tool from cloud management startup env0 aims to turn the fog of sprawling, enterprise-scale deployments into crisp, queryable insight, minus the spreadsheets, scripts, and late-night Slack threads.

  • Stylized illustration showing cybersecurity elements like shields, padlocks, and secure cloud icons on a neutral, minimalist digital background

    Microsoft Announces Security Advancements

    Microsoft has announced major security advancements across its product portfolio and practices. The work is part of its Secure Future Initiative (SFI), a multiyear cybersecurity transformation the company calls the largest engineering project in company history.