Data Breach Consequences and Responses: A Multi-Method Investigation of Stakeholders

Author

Hamid Reza Nikkhah, University of Arkansas, FayettevilleFollow

Date of Graduation

5-2020

Document Type

Dissertation

Degree Name

Doctor of Philosophy in Business Administration (PhD)

Degree Level

Graduate

Department

Information Systems

Advisor/Mentor

Varun Grover

Committee Member

Rajiv Sabherwal

Second Committee Member

Vernon Richardson

Third Committee Member

Amber Young

Keywords

cybersecurity, data breach, information systems

Abstract

The role of information in today’s economy is essential as organizations that can effectively store and leverage information about their stakeholders can gain an advantage in their markets. The extensive digitization of business information can make organizations vulnerable to data breaches. A data breach is the unauthorized access to sensitive, protected, or confidential data resulting in the compromise of information security. Data breaches affect not only the breached organization but also various related stakeholders. After a data breach, stakeholders of the breached organizations show negative behaviors, which causes the breached organizations to face financial and non-financial costs. As such, the objective of this dissertation is to better understand the effect of data breaches on the stakeholders of the breached organization and the factors that can inhibit the negative behaviors. This dissertation uses a multi-method investigation to examine two external stakeholders, customers and shareholders, in a data breach aftermath. Essay 1 identifies data breach event and announcement characteristics and examines the impact of these characteristics on the customers’ and shareholders’ behaviors. Essay 2 investigates the effective strategy that the breached organizations can adopt after a data breach incident by examining the impact of various data breach response strategies. It also investigates the effect of response times with respect to data breach notification laws on the stakeholders. Each essay constitutes two studies with appropriate research methods for the two stakeholders under investigation. The dissertation is expected to provide several implications for research and practice.

Citation

Nikkhah, H. (2020). Data Breach Consequences and Responses: A Multi-Method Investigation of Stakeholders. Graduate Theses and Dissertations Retrieved from https://scholarworks.uark.edu/etd/3643